The Phases of an Attack

Both malicious attackers and professional penetration tester/ ethical hackers apply various phases in their attacks. Attacks are often separated into these phases:

Reconnaissance is the process of investigating target organization to gather information about it from publicly available sources, such as domain registration services, websites, and so on. Some people include techniques such as social engineering and dumpster diving in the recon phase.
Scanning is the process of finding openings in the target organization, such as Internet gateways, wireless access points, available systems, listening ports, and vulnerability lists. In the Exploitation phase, attackers exploit target systems to compromise them, possibly getting control of them or causing a denial of service attack.
While legitimate tests often include the phases listed above, malicious attackers often go further than the rules of engagement allow for a professional penetration test. The next phase, often used by malicious attacker to maintain access and control of a target machine, involves setting up the compromised machine so the attacker can keep control over it, with techniques such as installing backdoors and planting rootkits. Malicious attackers also often use a final phase, Covering the Tracks, in which they employ log editing, file hiding, and covert channels lo hide their activities on a system.
Please note that the best of the attackers (both the good guys and the evil ones) are pragmatists. They don’t always proceed from reconnaissance to scanning to gaining access and so on. Sure, they use these steps, but they are very likely to jump around between them as events and discoveries warrant. For example, during the recon phase, attackers may discover an exploitable flaw that they will use to gain access directly, temporarily bypassing scanning  Then, once they gain access to one machine, they may go back and start scanning.
From a professional testing perspective, though, be careful when jumping out of order between these steps, making sure that you return to the earlier phases to conduct a comprehensive test.