An M - FSM model is proposed for the multi-stage vulnerable operations. The goal of this M - FSM is to reason how the implemented step - by - step operation, or more precisely each step activity within the whole operation, contributes an attack goal. This model can be used in discovering attack paths to critical network resources. From these attack paths the system administrator can then derive an expression for network safety in terms of the initial configuration and take measures to reinforce the network.