I spent a long time thinking of my last exercise CVE-2012-2661 and especially if I should give it away for free or do a paid version... Both have pros and cons and it has been really hard to decide until I found the idea.
And I decided for a paid version... as a hipster friend will say "You sold out mate..."
I decided for a paid version because it's a lot of work to get a working ISO (especially to get a stable Passenger's stack on Debian using their packages) and to create the course.
If you pay me or one of the people listed in the "PentesterLab's friends" list a (good) beer, you get an exercise for free... And I will make sure to have one of these friends at most conferences. I think it's fair to offer a beer to someone who helps you. But since I can't be everywhere and drink all these beers (or can I??), I will share them with my friends. And for the buyer, it's a good way to meet and talk to nice and smart people working in security.
I'm still working on the details and will probably create small cards with token for these "Pentesterlab's friends" in the meantime just give them your email/business card with the beer and we will sort it.
If you're currently at the SSTIC in France, you can offer a beer to Renaud F. and Nicolas C. to get a free exercise :)
If you're going to Defcon and Blackhat, you can offer a beer (or probably a bourbon&coke) to Silvio to get a free exercise :)
If you're organizing/going to a conference, let me know, I will probably be able to find someone I know or someone who published good research and is willing to drink free beers ;)
NB: It's not retroactive :p