Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic

Recently there have been some inquiries about how to verify the integrity of messages in STUN protocol conversations when used by Lync and Skype for Business. In this blog post, I will describe a common scenario based on a recent customer inquiry…

OpenXML Styles 101 – Understanding Table Style Conditional Formatting

Introduction: This is the second in a series of articles covering various OpenXML topics. This article provides an example of creating some simple table styles that use conditional formatting, the pitfalls that you would probably encounter, and how to get the results you’re expecting. We will be using an example created in Microsoft Word 2016 and…

OpenXML Styles 101 – Creating Custom Styles and Understanding Style Inheritance

Introduction: This will be the first in a series of articles on various OpenXML topics. This article provides an expanded description of how Style Inheritance works. We will be using an example created in Microsoft Word 2016 and then manually modifying the package contents. By simply reading through this blog you should be able to grasp…

MS-OXCFXICS – How to parse the FastTransfer Stream

Note: This article was written using version 16.2 (10/30/2014) of the MS-OXCFXICS document as reference and all links contained in this article reference sections of that version of the document. The current version of the MS-OXCFXICS document can be found here: https://msdn.microsoft.com/en-us/library/cc463916(v=exchg.80).aspx Resources: [MS-OXCFXICS] – Bulk Data Transfer Protocol [MS-OXPROPS] – Exchange Server Protocols Master…

SMB 3.1.1 Encryption in Windows 10

SMB 3 encryption offers data packet confidentiality and prevents an attacker from both tampering with and eavesdropping on any data packet. Encryption has been enhanced in SMB 3.1.1. The cipher can now be negotiated during connection establishment. In addition to AES-128-CCM for SMB 3.0.x compatibility, Windows 10 (and Windows Server 2016) added AES-128-GCM in SMB…


SMB 3.1.1 Pre-authentication integrity in Windows 10

Pre-authentication integrity is one of the new SMB 3.1.1 security improvements in Windows 10 and Windows Server 2016 TP2 (technical preview 2). It improves protection against a man-in-the-middle (MITM) attacker tampering with SMB2’s connection establishment and authentication messages. This new feature supersedes “secure dialect negotiation” introduced in SMB 3.0, which only protected against MITM…


MS-PST – Parsing a Heap-on-Node Property Context Block

Summary: This blog will use the sample Heap-on-Node (HN) from section 3.8 of MS-PST and walk through the process of how to read a property from it. The current version of the MS-PST open specification document can be found here: http://msdn.microsoft.com/en-us/library/ff385210(office.12).aspx Introduction: First, it’s important to understand that there are several layers and…

Extended DFS referral for SMB 3

This blog talks about site-aware DFS referral introduced in Windows Server 2012. Extended DFS referrals provide remote client computers with optimal DFS referrals when the computers connect to the corporate network by using DirectAccess. This blog also describes how to configure a Windows 8 client to issue extended DFS referral request for testing a SMB…


Message Analyzer

As interoperability relies mainly on the network interaction between systems and services, it is of the utmost importance to have tools handy that can help analyze and understand the traffic generated as a consequence of such interaction. In recent years we have seen Microsoft shaping its historic tool “Network Monitor” into a more advanced kit that become very useful…


GUIDs and Endianness: {Endi-an-ne-ssInGUID} OR idnE-na-en-ssInGUID?

Hi all! I have recently received a couple inquiries regarding the way in which GUIDs are represented, how they are stored, how they are transferred over the wire and how endianness impacts on them so I decided to post a little blog entry to share a couple details and examples. GUIDs are described in [MS-DTYP] Section 2.3.4 and…