Microsoft Open Specifications Support Team Blog
The official blog of the Engineers supporting the Microsoft Open Specifications Documentation
SMB 2 and SMB 3 security in Windows 10: the anatomy of signing and cryptographic keys
Signing is an integral security feature in SMB2 since its inception. Encryption starts in SMB3 as an...
Date: 05/26/2017
How Kerberos user-to-user authentication works?
The Kerberos user-to-user (U2U) authentication mechanism enables a client to authenticate to a...
Date: 05/24/2017
Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic
Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic Recently there have...
Date: 02/23/2016
OpenXML Styles 101 - Understanding Table Style Conditional Formatting
IntroductionThis is the second in a series of articles covering various OpenXML topics. This article...
Date: 11/06/2015
OpenXML Styles 101 - Creating Custom Styles and Understanding Style Inheritance
IntroductionThis will be the first in a series of articles on various OpenXML topics. This article...
Date: 09/16/2015
MS-OXCFXICS - How to parse the FastTransfer Stream
Note: This article was written using version 16.2 (10/30/2014) of the MS-OXCFXICS document as...
Date: 09/16/2015
SMB 3.1.1 Encryption in Windows 10
SMB 3 encryption offers data packet confidentiality and prevents an attacker from both tampering...
Date: 09/09/2015
SMB 3.1.1 Pre-authentication integrity in Windows 10
Pre-authentication integrity is one of the new SMB 3.1.1 security improvements in Windows 10 and...
Date: 08/11/2015
MS-PST - Parsing a Heap-on-Node Property Context Block
Summary This Blog will use the sample Heap-on-Node (HN) from section 3.8 of MS-PST and walk through...
Date: 05/30/2014
Extended DFS referral for SMB 3
This blog talks about site-aware DFS referral introduced in Windows Server 2012. Extended DFS...
Date: 02/21/2014
Message Analyzer
As interoperability relies mainly on the network interactionbetween systems and services, it is of...
Date: 10/10/2013
GUIDs and Endianness: {Endi-an-ne-ssInGUID} OR idnE-na-en-ssInGUID?
Hi all! I have recently received a couple inquiries regarding theway in which GUIDs are represented,...
Date: 10/08/2013
[MS-RDPEUDP] : Glance at TLS/DTLS handshake packets.
MS-RDPEUDP is a new protocol in RDP8 and operates in 2 modes : Reliable (RDP-UDP-R) and Best Efforts...
Date: 09/11/2013
Extracting a PowerPoint VBA Macro
Abstract This post of my blog responds to a request by a customer to find and extract a VBA macro in...
Date: 06/20/2013
RDPESC parser modification
Hello world! I’ve decided to write this entry to talk about twointertwined subjects: - The...
Date: 05/30/2013
PowerShell script for finding Microsoft Office legacy files
Referenced documents:[MS-CFB]: Compound File Binary File Format[MS-OLEPS]: Object Linking and...
Date: 04/08/2013
SMB 2.x and SMB 3.0 Timeouts in Windows
This blog talks about common timeouts for SMB dialects 2.x and 3.0 [MS-SMB2] in Windows. It also...
Date: 03/27/2013
NTLM and Channel Binding Hash (aka Extended Protection for Authentication)
Extended Protection for Authnetication (EPA) was introduced in Windows 7/WS2008R2 to thwart...
Date: 03/26/2013
CIFS and SMB Timeouts in Windows
This blog gives a consolidated overview of the most common SMB timeouts in Windows and their...
Date: 03/19/2013
Rich Text Format (RTF) and Watermarks
Seldom is the question asked, "Is there an RTF directive that can be used to add watermarks in RTF...
Date: 02/04/2013
How to manually decode an ActiveSync WBXML stream
OverviewActiveSync requests and responses are sent as HTTP messages. In order to reduce the size of...
Date: 02/04/2013
Determining Office Binary File Format Types
Referenced Documents: MS-CFB MS-OLEPS If you need to programmatically determine the office file type...
Date: 01/16/2013
Unencrypted MS-EVEN6 Traffic
This blog entry is intended for readers interested in generating unencrypted MS-EVEN6...
Date: 01/13/2013
Encryption in SMB 3.0: A protocol perspective
Encryption is one of the new SMB 3.0 security enhancements in Windows Server 2012 RTM. It can be...
Date: 10/05/2012
Hitchhiker’s Guide to Debugging RDP protocols: Part 2
Hitchhiker’s Guide to Debugging RDP protocols: Part 2 NOTE: Questions and comments are...
Date: 07/24/2012
SMB3 Secure Dialect Negotiation
This blog talks about secure dialect negotiation, one of the new SMB3 security enhancements in...
Date: 06/28/2012
MS-FSU: A look from the Windows interface
It is not unusual for our group to receive a question regarding Constrained Delegation and Protocol...
Date: 06/25/2012
Encryption in SMB3
SMB3 will debut in the upcoming version of Windows 8. This is a significant update from the last...
Date: 06/08/2012
Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB]
Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB] NOTE: Questions and...
Date: 05/24/2012
MS-PST - How to decode data pages using Permutative Decoding.
The current version of the MS-PST open specification document can be found here:...
Date: 02/08/2012
Encryption Negotiation in RDP connection
Encryption Negotiation in RDP connection The RDP connections between clients and servers are...
Date: 12/07/2011
How to use the presetShapeDefinitions.xml file and fun with DrawingML.
This article deals with the content contained in ECMA-376 Part 1. The 3rd edition of ECMA-376 was...
Date: 11/14/2011
Password encryption in establishing a remote assistance session of type 1
This blog provides details on how the PassStub is used when establishing a remote assistance session...
Date: 10/31/2011
Customizing In-Box Netmon Parsers. How to edit and deploy updated Netmon Parsers.
This article will explain how to edit and deploy an “in-box”Netmon parser. By...
Date: 08/08/2011
MS-OXOCAL - How to calculate the FirstDateTime for monthly and yearly recurring appointments for the Hebrew calendar.
Alternate Calendars As you may or may not be aware, Outlook supports multiple calendars. Not only...
Date: 07/28/2011
BFFValidator Tool Goes Public
Yesterday, the Office Interoperability team announced the public release of the Beta version of the...
Date: 07/13/2011
A quick look at the new negotiation mechanism (NegoEx) used with SPNEGO in Windows 7
What is NegoEx ? Why do we need it ? Before Windows 7 was introduced, applications utilize the...
Date: 06/30/2011
Free/Busy Data in Exchange
In today’s fast-paced market, availability of an individual is increasingly important. Thus...
Date: 06/30/2011
EMF File Overview
EMF File Overview Generally, most people are familiar with two types of graphics files: bitmap and...
Date: 06/28/2011
This is how we troubleshoot Windows interoperability issues in the Open Specifications support team
Hi y’all, Sebastian from Texas here! I’ve been at the File Sharing Plugfest last week....
Date: 06/28/2011
Authentication 101
I am writing this blog in response to a need I felt when I was new to authentication in Windows. The...
Date: 06/24/2011
Incremental Change Synchronization
Incremental Change Synchronization ICS provides a means for the client to replicate changes in a...
Date: 06/20/2011
.MSG File Format, Rights Managed Email Message (Part 3)
In Part 2, I concluded my dissection of the rights managed email message example, with locating the...
Date: 06/14/2011
Exploring the CFB File Format 9
Exploring the CFB File Format 9 File SecurityDue to the nature of a compound file, a single file in...
Date: 06/10/2011
Exchange ActiveSync Provisioning
Exchange ActiveSync Provisioning EAS Provisioning is a means to download and apply devices on an...
Date: 06/09/2011
Exploring the CFB File Format 8
Exploring the CFB File Format 8 Range Lock Sectors A range lock sector is a part of a CFB file that...
Date: 06/09/2011
Exploring the CFB File Format 7
Exploring the CFB File Format 7 ------------------------------- [- Red-Black Trees -] As we have...
Date: 06/09/2011
Troubleshooting with the Microsoft Exchange RPC Extractor (or, the case of the mysterious Inbox sync)
If you were not already familiar with decoding Exchange Server to Client communication, or have done...
Date: 06/07/2011
Windows Configurations for Kerberos Supported Encryption Type
In one of my previous...
Date: 05/30/2011
Decrypting SSTP traffic with Netmon and NMDecrypt
Intro I have recently received some inquiries about [MS-SSTP]. I must admit that I had to review...
Date: 05/23/2011