Rating:
* `retf` instroction change `cs` to 0x33 -> switch to x64 mode and execute x64 instruction.
* Different syscall number in x64 -> bypass sandbox badsyscall number black list.
* write up -> [exploit](https://github.com/ssspeedgit00/CTF/tree/master/2018/meepwn/babysandbox)
