Tags: emulator pwn escape 

Rating: 5.0

Abuse mmap with MAP_FIXED_NOREPLACE to search for sections of the emulator's memory mappings. Then use MAP_FIXED to wipe out a section of .text in libc, and fill it with a NOP sled leading to shellcode.

Original writeup (https://www.willsroot.io/2021/03/zer0pts-ctf-2021-nasm-kit-writeup.html).
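
The defensive counterpart to the technique summarized above, as an added example that is not from the writeup or the challenge: a check an emulator could run before forwarding a guest mmap to the host, so that fixed-address requests can never land on the emulator's own mappings. It assumes the emulator forwards guest mmap calls to the host; the arena layout and the names `struct arena` and `sanitize_guest_mmap` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000 /* Linux >= 4.17 value, for older headers */
#endif

/* Hypothetical: the one region the emulator reserved for guest memory. */
struct arena { uintptr_t base; size_t size; };

/* Returns 0 if the request may be forwarded to the host mmap, -1 to reject it.
 * Clears *addr when it is only a placement hint that points outside the arena. */
int sanitize_guest_mmap(const struct arena *a, uintptr_t *addr, size_t len, int flags)
{
    int fixed = flags & (MAP_FIXED | MAP_FIXED_NOREPLACE);

    if (len == 0)
        return -1;

    /* Overflow-safe test that [addr, addr+len) lies within [base, base+size). */
    int inside = *addr >= a->base && len <= a->size &&
                 *addr - a->base <= a->size - len;

    /* MAP_FIXED replaces whatever is mapped at addr; MAP_FIXED_NOREPLACE
     * fails with EEXIST instead. Both are honoured only inside the arena. */
    if (fixed)
        return inside ? 0 : -1;

    /* Advisory hint outside the arena: drop it so the host kernel picks. */
    if (!inside)
        *addr = 0;
    return 0;
}

int main(void)
{
    struct arena a = { 0x40000000u, 0x10000000u };   /* constructed values */
    uintptr_t in = 0x40001000u, out = 0x70000000u;   /* constructed values */

    printf("fixed inside arena:  %d\n",
           sanitize_guest_mmap(&a, &in, 0x1000, MAP_FIXED | MAP_PRIVATE));
    printf("fixed outside arena: %d\n",
           sanitize_guest_mmap(&a, &out, 0x1000, MAP_FIXED | MAP_PRIVATE));
    return 0;
}
```
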