They begin to look for specific vulnerabilities in the Business network which they can exploit such as applications, target networks, and so forth., and begin indicating/mapping out the places wherever they could take advantage. Once they effectively establish which defenses are in place, they pick out which weapon is ideal https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network