Carving a PNG plus ZIP plus PDF polyglot to reassemble a three-part flag
Polluting a Python module global through a recursive merge to flip the give_flag switch and unlock the flag
Beating an event-handler blocklist and a strict CSP with an onfocus payload and a top-level navigation leak
