This talk introduces new methods for penetrating server-side environments utilizing Adobe Flex services. We'll briefly discuss the AMF protocol and how to break a Flex app with a single HTTP request. In addition, we'll show how to exploit services to perform remote port scans and gain access to internal hosts. Don't waste your Flash 0-day on some unsuspecting user when you can just as easily slip in through the front door. 15 minutes and you'll know everything you need to finish the job.
Marcin Wielgoszewski is a security engineer at Gotham Digital Science based in NYC. He enjoys breaking applications and calling your baby ugly much to your dismay.