FRACKING FLEX

FRACKING FLEX

This talk introduces new methods for penetrating server-side environments utilizing Adobe Flex services. We'll briefly discuss the AMF protocol and how to break a Flex app with a single HTTP request. In addition, we'll show how to exploit services to perform remote port scans and gain access to internal hosts. Don't waste your Flash 0-day on some unsuspecting user when you can just as easily slip in through the front door. 15 minutes and you'll know everything you need to finish the job.

Presented by