CTF

Capture the Flag / Hands On

After reading theory, and perhaps running specific examples or labs, I like to practice in slightly more open environments. Here are the ones I have enjoyed the best, keeping in mind that there are many more available than I will ever have time to try. If something sounds interesting - try it!

Over the wire - Natas is great for web pen testing, and the rest for coming up to speed on things like buffer overflow and memory corruption. I haven't completed everything on the site, but I always learned a lot. All the challenges are free.

Pentester lab - an excellent site for learning, with a structured approach and courses. Unfortunately, it's a modest investment on an ongoing basis.

Vulnhub - Download lot's of (Free!) vulnerable VM's. If you are just starting out, try out the Kioptrix series (1-5), Minotaur, pwnlab, stapler, and VulnOS.

Hack the Box - One of my favorite sites. VPN into their network and have fun! There is a small hacking challenge to get an account. They have a Pro version, but the free one is plenty for part time learning.

Fuzzy Security Tutorials - More a mix of tutorial, VM exploit walkthroughs, and overviews of concepts - this site has many interesting resources for learning aspects of hacking.

Here are a few good cheat sheets: enumerate network services, reverse shells, and one for privilege escalation (it's a little old, but still relevant - the methodology is what counts.).