[howlett]

Here are a few resources:

https://www.reddit.com/r/netsec/ General news about netsec

https://github.com/enaqx/awesome-pentest List of tools and resources

https://github.com/wtsxDev/Penetration-Testing Another list of tools and resources

https://www.hackthebox.eu/ Hands on hacking (OSCP style) but free, unless you want to pay for a VIP version and get access to even more machines.

https://www.vulnhub.com/ Individual VMs you can hack into, most of them providing walkthroughs.

Web application wise I'd suggest starting with https://www.owasp.org/index.php/OWASP_Juice_Shop_Project which is a modern version of the "damn vulnerable web app (DVWA)".

These may look quite "massive" for a beginner but I think it's the best way to start. The approach I would suggest would be to go download a VM from vulnhub and read its walkthrough. Then learn to use the tools in that walkthrough (each machine may use a tool in a different way) until you're confident enough to make an attempt on your own.

Hope this is helpful!