Linux Privilege Escalation - (running) Services

Since I’m quite new to the whole topic of linux privilege escalation I’ve done a few courses in which usually the enumeration of services is mentioned with commands like:

ps aux
systemctl --type=service --state=running
etc. 

But I wonder how do I go an from there? How do I find vulnerable services, and even if there are no (usable) CVEs or Exploits for those services, how can I check for service misconfiguration?

I’m interested both in tools but more importantly in a methology to proceed.

with regards