Microsoft Open Specifications Support Team Blog

The official blog of the Engineers supporting the Microsoft Open Specifications Documentation

SMB 2 and SMB 3 security in Windows 10: the anatomy of signing and cryptographic keys

Signing is an integral security feature in SMB2 since its inception. Encryption starts in SMB3 as an...

Author: Edgar A Olougouna Date: 05/26/2017

How Kerberos user-to-user authentication works?

The Kerberos user-to-user (U2U) authentication mechanism enables a client to authenticate to a...

Author: Edgar A Olougouna Date: 05/24/2017

Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic

Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic Recently there have...

Author: Tom Jebo Date: 02/23/2016

OpenXML Styles 101 - Understanding Table Style Conditional Formatting

IntroductionThis is the second in a series of articles covering various OpenXML topics. This article...

Author: JCurry Date: 11/06/2015

OpenXML Styles 101 - Creating Custom Styles and Understanding Style Inheritance

IntroductionThis will be the first in a series of articles on various OpenXML topics. This article...

Author: JCurry Date: 09/16/2015

MS-OXCFXICS - How to parse the FastTransfer Stream

Note: This article was written using version 16.2 (10/30/2014) of the MS-OXCFXICS document as...

Author: JCurry Date: 09/16/2015

SMB 3.1.1 Encryption in Windows 10

SMB 3 encryption offers data packet confidentiality and prevents an attacker from both tampering...

Author: Edgar A Olougouna Date: 09/09/2015

SMB 3.1.1 Pre-authentication integrity in Windows 10

Pre-authentication integrity is one of the new SMB 3.1.1 security improvements in Windows 10 and...

Author: Edgar A Olougouna Date: 08/11/2015

MS-PST - Parsing a Heap-on-Node Property Context Block

Summary This Blog will use the sample Heap-on-Node (HN) from section 3.8 of MS-PST and walk through...

Author: JCurry Date: 05/30/2014

Extended DFS referral for SMB 3

This blog talks about site-aware DFS referral introduced in Windows Server 2012. Extended DFS...

Author: Edgar A Olougouna Date: 02/21/2014

Message Analyzer

As interoperability relies mainly on the network interactionbetween systems and services, it is of...

Author: Sebastian Canevari Date: 10/10/2013

GUIDs and Endianness: {Endi-an-ne-ssInGUID} OR idnE-na-en-ssInGUID?

Hi all! I have recently received a couple inquiries regarding theway in which GUIDs are represented,...

Author: Sebastian Canevari Date: 10/08/2013

[MS-RDPEUDP] : Glance at TLS/DTLS handshake packets.

MS-RDPEUDP is a new protocol in RDP8 and operates in 2 modes : Reliable (RDP-UDP-R) and Best Efforts...

Author: Tarun Chopra - MSFT Date: 09/11/2013

Extracting a PowerPoint VBA Macro

Abstract This post of my blog responds to a request by a customer to find and extract a VBA macro in...

Author: Tom Jebo Date: 06/20/2013

RDPESC parser modification

Hello world! I’ve decided to write this entry to talk about twointertwined subjects: - The...

Author: Sebastian Canevari Date: 05/30/2013

PowerShell script for finding Microsoft Office legacy files

Referenced documents:[MS-CFB]: Compound File Binary File Format[MS-OLEPS]: Object Linking and...

Author: Vilmos Foltenyi MSFT Date: 04/08/2013

SMB 2.x and SMB 3.0 Timeouts in Windows

This blog talks about common timeouts for SMB dialects 2.x and 3.0 [MS-SMB2] in Windows. It also...

Author: Edgar A Olougouna Date: 03/27/2013

NTLM and Channel Binding Hash (aka Extended Protection for Authentication)

Extended Protection for Authnetication (EPA) was introduced in Windows 7/WS2008R2 to thwart...

Author: Obaid Farooqi Date: 03/26/2013

CIFS and SMB Timeouts in Windows

This blog gives a consolidated overview of the most common SMB timeouts in Windows and their...

Author: Edgar A Olougouna Date: 03/19/2013

Rich Text Format (RTF) and Watermarks

Seldom is the question asked, "Is there an RTF directive that can be used to add watermarks in RTF...

Author: Mark Miller (WFH) Date: 02/04/2013

How to manually decode an ActiveSync WBXML stream

OverviewActiveSync requests and responses are sent as HTTP messages. In order to reduce the size of...

Author: JCurry Date: 02/04/2013

Determining Office Binary File Format Types

Referenced Documents: MS-CFB MS-OLEPS If you need to programmatically determine the office file type...

Author: JCurry Date: 01/16/2013

Unencrypted MS-EVEN6 Traffic

This blog entry is intended for readers interested in generating unencrypted MS-EVEN6...

Author: Tarun Chopra - MSFT Date: 01/13/2013

Encryption in SMB 3.0: A protocol perspective

Encryption is one of the new SMB 3.0 security enhancements in Windows Server 2012 RTM. It can be...

Author: Edgar A Olougouna Date: 10/05/2012

Hitchhiker’s Guide to Debugging RDP protocols: Part 2

Hitchhiker’s Guide to Debugging RDP protocols: Part 2 NOTE: Questions and comments are...

Author: Bryan S. Burgin Date: 07/24/2012

SMB3 Secure Dialect Negotiation

This blog talks about secure dialect negotiation, one of the new SMB3 security enhancements in...

Author: Edgar A Olougouna Date: 06/28/2012

MS-FSU: A look from the Windows interface

It is not unusual for our group to receive a question regarding Constrained Delegation and Protocol...

Author: Sebastian Canevari Date: 06/25/2012

Encryption in SMB3

SMB3 will debut in the upcoming version of Windows 8. This is a significant update from the last...

Author: Obaid Farooqi Date: 06/08/2012

Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB]

Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB] NOTE: Questions and...

Author: Bryan S. Burgin Date: 05/24/2012

MS-PST - How to decode data pages using Permutative Decoding.

The current version of the MS-PST open specification document can be found here:...

Author: JCurry Date: 02/08/2012

Encryption Negotiation in RDP connection

Encryption Negotiation in RDP connection The RDP connections between clients and servers are...

Author: Hongwei Sun-MSFT Date: 12/07/2011

How to use the presetShapeDefinitions.xml file and fun with DrawingML.

This article deals with the content contained in ECMA-376 Part 1. The 3rd edition of ECMA-376 was...

Author: JCurry Date: 11/14/2011

Password encryption in establishing a remote assistance session of type 1

This blog provides details on how the PassStub is used when establishing a remote assistance session...

Author: Edgar A Olougouna Date: 10/31/2011

Customizing In-Box Netmon Parsers. How to edit and deploy updated Netmon Parsers.

This article will explain how to edit and deploy an “in-box”Netmon parser. By...

Author: Bryan S. Burgin Date: 08/08/2011

MS-OXOCAL - How to calculate the FirstDateTime for monthly and yearly recurring appointments for the Hebrew calendar.

Alternate Calendars As you may or may not be aware, Outlook supports multiple calendars. Not only...

Author: JCurry Date: 07/28/2011

BFFValidator Tool Goes Public

Yesterday, the Office Interoperability team announced the public release of the Beta version of the...

Author: tomjebo Date: 07/13/2011

A quick look at the new negotiation mechanism (NegoEx) used with SPNEGO in Windows 7

What is NegoEx ? Why do we need it ? Before Windows 7 was introduced, applications utilize the...

Author: Hongwei Sun-MSFT Date: 06/30/2011

Free/Busy Data in Exchange

In today’s fast-paced market, availability of an individual is increasingly important. Thus...

Author: King Salemno Date: 06/30/2011

EMF File Overview

EMF File Overview Generally, most people are familiar with two types of graphics files: bitmap and...

Author: King Salemno Date: 06/28/2011

This is how we troubleshoot Windows interoperability issues in the Open Specifications support team

Hi y’all, Sebastian from Texas here! I’ve been at the File Sharing Plugfest last week....

Author: Sebastian Canevari Date: 06/28/2011

Authentication 101

I am writing this blog in response to a need I felt when I was new to authentication in Windows. The...

Author: Obaid Farooqi Date: 06/24/2011

Incremental Change Synchronization

Incremental Change Synchronization ICS provides a means for the client to replicate changes in a...

Author: King Salemno Date: 06/20/2011

.MSG File Format, Rights Managed Email Message (Part 3)

In Part 2, I concluded my dissection of the rights managed email message example, with locating the...

Author: tomjebo Date: 06/14/2011

Exploring the CFB File Format 9

Exploring the CFB File Format 9 File SecurityDue to the nature of a compound file, a single file in...

Author: King Salemno Date: 06/10/2011

Exchange ActiveSync Provisioning

Exchange ActiveSync Provisioning EAS Provisioning is a means to download and apply devices on an...

Author: King Salemno Date: 06/09/2011

Exploring the CFB File Format 8

Exploring the CFB File Format 8 Range Lock Sectors A range lock sector is a part of a CFB file that...

Author: King Salemno Date: 06/09/2011

Exploring the CFB File Format 7

Exploring the CFB File Format 7 ------------------------------- [- Red-Black Trees -] As we have...

Author: King Salemno Date: 06/09/2011

Troubleshooting with the Microsoft Exchange RPC Extractor (or, the case of the mysterious Inbox sync)

If you were not already familiar with decoding Exchange Server to Client communication, or have done...

Author: Mark Miller (WFH) Date: 06/07/2011

Windows Configurations for Kerberos Supported Encryption Type

In one of my previous...

Author: Hongwei Sun-MSFT Date: 05/30/2011

Decrypting SSTP traffic with Netmon and NMDecrypt

Intro I have recently received some inquiries about [MS-SSTP]. I must admit that I had to review...

Author: Sebastian Canevari Date: 05/23/2011

Next>