In this step, the attacker sends a large amount of data to the targeted application to see how it responds. The goal is to determine whether the application is vulnerable to a buffer overflow and how it behaves when it receives unexpected input.
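The same probe seen from the defender's side, as an added example that is not part of the original page: a hypothetical handler `handle_name` with an assumed 64-byte buffer is fed constructed inputs of doubling length in-process, and the harness records the first length it refuses. A handler that checks bounds rejects cleanly at the buffer size; a crash or a silent accept at that point is the behaviour this step is looking for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* assumed buffer size of the hypothetical handler */

/* Hypothetical request handler: copies a client-supplied field into a
 * fixed buffer. Returns 0 on success, -1 if the input is rejected.
 * The length check is what an unbounded strcpy() version lacks. */
int handle_name(const char *input, size_t input_len)
{
    char name[NAME_MAX_LEN];

    if (input == NULL || input_len >= sizeof(name))
        return -1;                 /* oversized: refuse instead of overflowing */
    memcpy(name, input, input_len);
    name[input_len] = '\0';        /* always room for the terminator */
    return 0;
}

/* Feed the handler inputs of doubling length (constructed test data) and
 * return the smallest length it rejected, or 0 if nothing was rejected. */
size_t first_rejected_length(size_t max_len)
{
    size_t len, first = 0;
    char *buf = malloc(max_len);

    if (buf == NULL)
        return 0;
    memset(buf, 'A', max_len);
    for (len = 1; len <= max_len; len *= 2) {
        int rc = handle_name(buf, len);
        printf("len=%zu -> %s\n", len, rc == 0 ? "accepted" : "rejected");
        if (rc != 0 && first == 0)
            first = len;
    }
    free(buf);
    return first;
}

int main(void)
{
    size_t first = first_rejected_length(4096);
    printf("first rejected length: %zu\n", first);
    return first == NAME_MAX_LEN ? 0 : 1;   /* non-zero exit flags a regression */
}
```

Building the harness with `-fsanitize=address` makes an out-of-bounds write abort with a report at the offending length, which is more reliable than waiting for a visible crash.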