
Junior.Crypt 2026 Forensic + Misc + OSINT Writeup: 8 Challenges Solved (WinZip-AES Phishing Email Corpus, Cyrillic Acrostic + Mined SHA-1 Covert Channel, MIDI Pitch-Wheel Pair Steganography, SVG ClipPath Ghost Text, DOCX customXml Revision Replay, Pickle + payload.pyc ML Supply-Chain Backdoor, Grodno Fire Watchtower Landmark ID, Belarusian Higher League Broadcast-Clock Reading)
Junior.Crypt 2026 (grodno flag prefix) rounded out its web, crypto, pwn, and reverse tracks with three softer categories that are still surprisingly rich: forensic (two challenges), misc (four), and OSINT (two). None of them require heavy tooling: every solve in this writeup is either a stdlib Python script, a browser render of an extracted SVG fragment, an unzip -l size disparity, or a bilingual Yandex reverse-image query. What the eight challenges do share is a pattern-recognition discipline that a defender’s eye can be trained on: password-protected malware zips (Infected password → live samples), first-byte-of-SHA-1 covert channels in git log, pitch-wheel event pairs as a MIDI bit channel, clip-path references that consume glyph geometry without painting it, customXml/item1.xml outweighing document.xml in a near-empty DOCX, .pyc shipped next to a .pkl that hands the loader RCE, and OSINT chains that lean on Russian-language search over English for post-Soviet targets. ...

