Combining negative-index OOB leak with format-string GOT overwrite to pop shell and recover the flag.

Blacklist-bypass shellcode staging: constrained stage-1 reader + unrestricted stage-2 flag exfiltration.

Two-stage ret2libc via stack overflow in fill(), with a libc leak and re-entry into vulnerable path.

Abusing textbook RSA multiplicative property to forge an admin signature in mysterybox.

Exploiting biased OTP generation plus reused CTR stream to recover the flag deterministically.

Bid-threshold overflow + timeout wrap exploitation in AuctionHouse.

Exploiting unchecked arithmetic underflow in a Solidity 0.7 token implementation.

Reconstructing dynamic password logic and solving Magic Vault with deterministic exploit flow.