Exercises
Regular exercises are a helpful way to identify detection gaps and build maturity.
CIS's example tabletop exercises
https://www.cisecurity.org/wp-content/uploads/2018/10/Six-tabletop-exercises-FINAL.pdf
NCSC's 'Exercise in a Box'. Requires signup.
https://exerciseinabox.service.ncsc.gov.uk/
MITRE's exercise playbook.
https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf
This account tweets fictional or headline-inspired breach scenarios. Often the replies offer helpful thoughts on how these could be detected or mitigated.
Testing
Atomic Red Team provides unit tests for individual MITRE ATT&CK techniques. These can be used as smoke tests to trigger use case alerts and confirm that they fire.
https://github.com/redcanaryco/atomic-red-team
Create a simulated AD environment for testing.
https://github.com/davidprowe/BadBlood
Sysmon Simulator can be used to generate events to test EDR detections.
https://github.com/ScarredMonk/SysmonSimulator
Public pen test reports
Red Teaming
The CBEST and TIBER-EU frameworks set out how the Bank of England and the ECB use adversarial testing to assess the cyber resilience of UK and EU financial services. If you are looking to assess the capability and maturity of your detection and response, this is the gold standard.
https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf
Red team tooling. Often repurposed by real threats.
https://github.com/infosecn1nja/Red-Teaming-Toolkit
Ben Turner and Doug McLeod's blog
David's Red Team notes
https://dmcxblue.gitbook.io/red-team-notes-2-0/
Choose your own adventure
https://scythe-io.github.io/cyoa-red-team/
The UK MOD's Red Teaming Guide
https://www.gov.uk/government/publications/a-guide-to-red-teaming