This talk introduces new methods for penetrating server-side environments utilizing Adobe Flex services. We'll briefly discuss the AMF protocol and how to break a Flex app with a single HTTP request. In addition, we'll show how to exploit services to perform remote port scans and gain access to internal hosts. Don't waste your Flash 0-day on some unsuspecting user when you can just as easily slip in through the front door. 15 minutes and you'll know everything you need to finish the job.