Of course, not all applications complete the TCP 3-Way handshake, such as nmap which in some modes will only send the TCP SYN to determine if a port is open on a server.
https://remyhax.xyz/posts/protonvpn-tcp-hacks/

This can be used by Blue teams for testing the EDR detections and correlation rules.
https://github.com/ScarredMonk/SysmonSimulator

Iteratively adding ONFI opcode support was nothing terribly exciting - though one amusing point was discovering that the NAND controller hardware in the Zynq won't complete a page read transaction unless you drive R/#B low for some period of time.
https://blog.ropcha.in/part-3-zynq-cve-2021-27208.html