MITRE, known from the ATT&CK framework that maps out common steps that attackers take, are starting a library where they'll document how certain hacker groups run their attacks. This way you can put your defenses to the test and see if you'd be able to detect them. https://medium.com/mitre-engenuity/introducing-the-all-new-adversary-emulation-plan-library-234b1d543f6b