Exploit an AArch64 stack overflow with ret2csu to leak libc and execute system().
Exploit a stack overflow with canary bypass to ret2win and read the flag.
Use-after-free leak to bypass Safe Linking and poison tcache into a win path.
Format-string size mismatch flips is_admin via scanf overrun for instant shell.
Seccomp-only shellcode read/write exploit with bad-byte evasion for V2.
Exploit signed-char array index OOB read to leak the global flag bytes.
Classic gets() overflow to pivot into the hidden joshua function and print the flag.
