`note` is a very good challenge to understand how we can exploit a `Off-By-One` bug where the program is using `scanf`. Basically, you can overwrite the `least significant byte (LSB)` of the `saved rbp` with a null byte, so you can control the stack frame for the following function calls.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/StarCTF/2018/note).