Some characters in the input may cause the program to crash or behave unexpectedly. In this step, the attacker identifies these "bad characters" and avoids using them in the exploit code.
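As an added example (not from the original page), the C program below shows where bad characters come from: it pushes every byte value through a constructed input path and compares what was stored with what was sent. `handle_input` and `find_unpreserved` are hypothetical names, and the path's treatment of 0x00, 0x0a and 0x0d is an assumption chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a program's input path (an assumption, not from
 * the page): a line-oriented read that drops CR, followed by a C-string copy.
 * Returns the number of bytes that actually reach the buffer. */
size_t handle_input(const unsigned char *in, size_t n, unsigned char *out)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == 0x00 || in[i] == 0x0a)
            break;                 /* string / line terminator: input is truncated */
        if (in[i] == 0x0d)
            continue;              /* CR is silently removed */
        out[len++] = in[i];
    }
    return len;
}

/* Send every byte value not yet flagged, compare stored bytes with sent
 * bytes, flag the first one that did not survive, and repeat until the
 * whole sequence round-trips unchanged. Returns the number flagged. */
int find_unpreserved(unsigned char bad[256])
{
    unsigned char sent[256], got[256];
    int count = 0;
    memset(bad, 0, 256);
    for (;;) {
        size_t n = 0, i = 0;
        for (int b = 0; b < 256; b++)
            if (!bad[b])
                sent[n++] = (unsigned char)b;
        size_t m = handle_input(sent, n, got);
        while (i < n && i < m && sent[i] == got[i])
            i++;
        if (i == n)
            return count;          /* every remaining byte was preserved */
        bad[sent[i]] = 1;          /* first byte that was cut off or altered */
        count++;
    }
}

int main(void)
{
    unsigned char bad[256];
    int n = find_unpreserved(bad);
    printf("%d byte values not preserved:", n);
    for (int b = 0; b < 256; b++)
        if (bad[b])
            printf(" 0x%02x", b);
    printf("\n");
    return 0;
}
```

Only one byte is flagged per pass because a truncating byte hides everything after it, so the comparison has to be repeated with that byte removed.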