Heist is a hard Windows Active Directory box on Offsec PG and is a good box to prepare for the AD portion of the exam.
A Hard Linux Box by Offsec PG that revolves around exploiting Redis server.
A Hard Linux Box by Offsec PG Practice that involves exploiting a Cassandra Web installation for arbitrary file read.