During a source code review of the Azure Command-Line Interface (Azure CLI), I analyzed the AOSM (Azure Operator Service Manager) extension and discovered a potentially unsafe use of Python’s tarfi...

This writeup documents my solutions for the RoCSC 2024 qualifiers. For each challenge I describe the vulnerability or technique, the tools and payloads used, and the precise steps that led to the f...