This step involves using port scans and open-source intelligence (OSINT) to identify the services and resources available within the target system. This can identify potential attack vectors, credentials, and any sensitive or confidential data.