Things you can hack legally:
Vulnhub boxes – A collection of virtual machines that are vulnerable by design.
Hack the Box – An online lab full of vulnerable machines. Also a great forum community.

Things you can watch:
IppSec Videos – An awesome collection of walkthroughs for retired Hack The Box machines. This guy is amazing.
Derek Rook Videos – A SANS instructor that also posts Hack The Box walkthroughs.

Things to read online:
Pentest Monkey – So many good resources for shells, cheat sheets, and other things
The Hacker News – Security related news
SANS – Great starting point for news, training, and security resources
G0tmi1k blog – The entire blog site is good but I frequent this Linux privilege escalation page the most. Other articles are based on vulnhub walkthroughs.
Fuzzy Security – Great Windows privilege escalation resources
Black Hills So many awesome blogs, podcasts and other resources it’s amazing

Things to read in book form:
The Hacker Playbook (1/2/3)
Advanced Penetration Testing
The Web Applications Hackers Handbook v2

Things to attend:
Black Hat – Very large, corporate, and expensive.
DEF CON – Also large, but less professional party atmosphere, cheap, and more hands on
DerbyCon – Last year 2019 – Wish I could have made one
ShmooCon – Also seems cool … can’t get a ticket there either
Wild West Hackin’ Fest – New con put on by Black Hills