Just here to second what sanedave posted - Vulnhub is the money! The problem it seems with learning security and the fun ways to break it is that in the US pretty much any time you access a computer or network without authorization you are looking at the Computer Fraud and Abuse act. So for our brave new tester who has tools that can be great for learning- could seriously put you in jail. I second, third, and fifth Vulnhub.com. Learn how to create a bit ol' virtual network at home and have at it.

So lets say you have Kali and you are playing around with Fern-wifi-cracker, it has an option where you can target multiple Access points and from what I remember even newly activated ones- so you forget to turn it off and travel around with it or open up your machine in a coffee shop. You are actively attacking a network you do not own.

Now personally - I do not condone or encourage going out and breaking the law. But sometimes you need to be able to recreate an attackers mindset, so learning about mac spoofing and making things as hard to trace as possible is legit but can take you down some dark roads.

In certain countries even owning the tools - metasploit, cain and abel, john the ripper- to name a few could be against the law. Check out this Schneier on Security blurb on what has happened in the past ( I realize the article is old balls at this point)

New German Hacking Law 2007/2008

Udemy.com also has a few decent "white hat hacker classes" for the super novice- most of which can be found reading either documentation for tools or setting up a virtual machine and learning through trial and error.

Keep learning but be safe