Practice CTF List / Permanant CTF List

Here's a list of some CTF practice sites and tools or CTFs that are long-running. Thanks, RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.

Live Online Games

Recommended

Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.

http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges)https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)http://reversing.kr/http://hax.tor.hu/https://w3challs.com/https://pwn0.com/https://io.netgarage.org/http://ringzer0team.com/http://www.hellboundhackers.org/http://www.overthewire.org/wargames/http://counterhack.net/Counter_Hack/Challenges.htmlhttp://www.hackthissite.org/http://vulnhub.com/http://ctf.komodosec.com

Others

https://www.onlinectf.com/challenges/https://backdoor.sdslabs.co/http://smashthestack.org/wargames.htmlhttp://hackthecause.info/http://bright-shadows.net/http://www.mod-x.co.uk/main.phphttp://scanme.nmap.org/http://www.hackertest.net/http://net-force.nl/http://securityoverride.org/ Some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons

Meta

http://www.wechall.net/sites.php (excellent list of challenge sites)http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)http://repo.shell-storm.org/CTF/ (great archive of CTFs)

Webapp Specific

http://demo.testfire.net/http://wocares.com/xsstester.phphttp://crackme.cenzic.com/http://test.acunetix.com/http://zero.webappsecurity.com/

Forensics Specific

http://computer-forensics.sans.org/community/challengeshttp://computer-forensics.sans.org/community/challengeshttp://forensicscontest.com/

Recruiting

https://www.praetorian.com/challenges/pwnable/http://rtncyberjobs.com/http://0x41414141.com/

Paid Training

http://heorot.net/

Downloadable Offline Games

http://www.badstore.net/http://www.owasp.org/index.php/Category:OWASP_WebGoat_Projecthttp://www.owasp.org/index.php/Owasp_SiteGeneratorDamn Vulnerable Web AppStanford SecureBenchStanford SecureBench Microhttp://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

Virtual Machines

https://pentesterlab.com/exercises/http://sourceforge.net/projects/metasploitable/files/Metasploitable2/Damn Vulnerable Linux (not currently live? local mirror)

Inactive or Gone

Just around for historical sake, or on the off-chance they come back.

http://rootcontest.com/http://intruded.net/https://how2hack.netWebMaven (Buggy Bank)http://www.foundstone.com/us/resources/proddesc/hacmetravel.htmhttp://www.foundstone.com/us/resources/proddesc/hacmebooks.htmhttp://www.foundstone.com/us/resources/proddesc/hacmecasino.htmhttp://www.foundstone.com/us/resources/proddesc/hacmeshipping.htmhttp://hackme.ntobjectives.com/http://testphp.acunetix.com/http://testasp.acunetix.com/Default.asphttp://prequals.nuitduhack.comhttp://www.gat3way.eu/index.php (Russian)http://exploit-exercises.com/ (challenges mirrored on vulnhub)http://damo.clanteam.com/http://p6drad-teel.net/~windo/wargame/http://roothack.org/http://ha.ckers.org/challenge/http://ha.ckers.org/challenge2/http://www.dc3.mil/challenge/