Syscall

Write open-read-write shellcode to exfiltrate /flag.txt when execve is blocked by a seccomp filter.

Write /bin/sh into a known writable address, then build a ROP chain that sets rax=59, rdi=/bin/sh, rsi=0, rdx=0 using dedicated pop gadgets and a syscall instruction to get a shell.