Exam

The information in this section is preliminary and might still change. We hope it won’t, though.

  • The exams will be oral exams.
  • The exams will take place at Zanderstraße 5, 53177 Bonn-Bad Godesberg.
  • There will be two exam periods.
  • The first exam period will be on 2026-07-27 to 2026-07-29.
  • Timeslots will be assigned after the last exercise sheet has been graded. You will receive an email asking you for your availability.
  • The second exam period will be on 2026-09-21 to 2026-09-23.
  • Timeslots will be assigned after the first exam period. You will receive an email asking you for your availability.

Exam location

The exam takes place at the Fraunhofer FKIE, Zanderstraße 5, 53177 Bonn-Bad Godesberg. Map of the location

You probably want to take the public transport to “Bad Godesberg Stadthalle” and walk the ~350m to the building.

You have been assigned a time slot for your oral exam and received it via email. Please arrive a few minutes before your slot starts, and plan your travels accordingly. If you know you are running late, please email us.

Once you arrive, ring the doorbell left of the revolving door, and the doorkeeper will let you in. Tell the doorkeeper that you are here for the ABE exam. They will direct you towards the exam room “Gronau”, which is located on the ground floor on the left side from the entrance.

Exam procedure

If the door of the exam room is closed, please wait in front of the room until you are invited in.

There will be multiple people: The professor, a second interviewer, and a third person who types the examination protocol.

At the very beginning, we will check your student ID and ID card or passport. So remember to bring those with you 🙂

We will spend about 20 minutes quizzing you about the lecture contents (might be a bit more or less depending on how it goes). This is aided by some slides (usually from the lecture material) that we have printed out for you. It is always a good idea to let us know what you think (instead of saying nothing) even if you don’t have the answer yet. It’s also okay to honestly say that you did not learn a specific topic, so we can move on to something else.

Once the exam is over, we send you out of the room for a short while to discuss your grade.

Then you may come back in, collect your grade, chat a bit, and leave again through the same door you came in.

What kind of questions will be asked?

  • We show you an exploit (probably in Python) and you have to explain what kind of exploit it is and how it works, what the bug class is and how exploits of that kind work in general.

  • We show you some code (C or ASM), you tell us what it does and how to find an exploit.
    Furthermore, what is special about this kind of exploit?
    What are the constraints?

  • There will also be questions about lecture slides where we removed some elements (words, numbers, arrows, …) and ask you about those missing elements:

    • For example: What does the address 0x13374223 mean? Explain what you see on the slide and fill in the blanks?

  • Some questions will be about the slides with no modifications at all.

To summarize: We will mostly ask technical questions instead of broad and generic questions.
The code snippets will have a manageable size!
Just take a look at this example: https://godbolt.org/z/nq6GYK.
Check out the C code and the Assembly.
Use the colors to match the C code to the machine code instructions.

How do I know if I am well-prepared?

If you invested the time to do the exercises, you should be safe.

If not, try to solve some of them before the exam and really understand what you are doing.

It’s also an excellent idea to imagine what we could ask you and try to answer the question to yourself.

Often you will notice if you can explain everything smoothly or if you still have a knowledge gap.

26 Jan 2026