Tags: seccomp cds rop 


Achieve arbitrary shellcode execution via ROP in the ret2cds process. Then use process_vm_readv to enumerate the nc-java process, and process_vm_writev to inject reverse-shell shellcode into the OpenJDK Class Data Sharing (CDS) rwx region, escaping the seccomp sandbox.
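A defender-side check for the condition this escape relies on, as an added example that is not from the original writeup: it parses `/proc/<pid>/maps` text and reports mappings that are both writable and executable, such as the CDS region. The sample maps text (addresses, paths) and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in /proc/<pid>/maps format; addresses and paths are made up.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a01000 r-xp 00000000 08:01 131 /usr/bin/java
7f10e4000000-7f10e4021000 rw-p 00000000 00:00 0
800000000-800002000 rwxp 00001000 08:01 977 /opt/jdk/lib/server/classes.jsa
7f10f8a00000-7f10f8c70000 rwxp 00000000 00:00 0
7ffd1c2e0000-7ffd1c301000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


class Region(NamedTuple):
    start: int
    end: int
    perms: str
    path: str


def parse_maps(text):
    """Parse maps-format text into Region tuples, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m is None:
            continue
        start, end, perms, path = m.groups()
        regions.append(
            Region(int(start, 16), int(end, 16), perms, path.strip() or "[anon]")
        )
    return regions


def writable_executable(regions):
    """Return mappings another process could overwrite and that will then execute."""
    return [r for r in regions if "w" in r.perms and "x" in r.perms]


def audit_pid(pid):
    """Run the same check against a live process (Linux only)."""
    with open(f"/proc/{pid}/maps") as fh:
        return writable_executable(parse_maps(fh.read()))


if __name__ == "__main__":
    for r in writable_executable(parse_maps(SAMPLE_MAPS)):
        print(f"W+X {r.start:#x}-{r.end:#x} {r.end - r.start:>8} bytes {r.path}")
```

`audit_pid` needs permission to read the target's `maps` file, so run it as the same user as the JVM or as root.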

Original writeup (https://www.willsroot.io/2021/08/ret2cds-writeup-escaping-seccomp.html).