Exploiting an open message reciever and an Angular CSTI to get cross site scripting on a seemingly innocuous site.

Send XSSHunter payload to a chat bot to read their cookie.

Using Binwalk to extract a binary from an image.