4: Exploitation
With the research phase done and a candidate, or candidates, attack vector(s) selected we can move on to exploits and looking to gain system access, whether that's an initial foothold, or taking steps to gain higher privileges once access is gained.