I've uploaded my slides from the presentation I gave last week at the OWASP NYC Chapter on Pentesting Adobe Flex Applications.

In an upcoming post, I'll describe in detail working with custom objects and how to craft AMF messages containing them and other data types.