I have slowly been piecing together some ideas for test machines. I like to think from the base system up to the vulnerabilities to gain an initial foothold. This process has been super helpful for me to understand the exploitation and enumeration process a bit more.
One of my recent obsessions has been restricted shells and coming up with some interesting workarounds. One for causing pain on the tester hacking into the machine but two to find clever ways in and out of a low privilege user shells.
Below are some of my favorite resources on the subject:
https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
https://www.exploit-db.com/docs/english/44592-linux-restricted-shell-bypass-guide.pdf
https://www.hackingarticles.in/multiple-methods-to-bypass-restricted-shell/
http://www.hackingmonks.net/2019/07/escaping-restricted-linux-shells-like.html