Please note that the following topics are excluded from the things we'll cover in the oral exams
- History of the Web (but, know which version of HTTP supports what)
- Exact structure of MySQL information_schema (but know what you can use that for), Drupageddon
- POP Chains (vBulletin example) from the Q/A session, but know how POP works and how to exploit a vulnerability
- Jinja: exact exploit chain, but have an understanding of how it would work
- TLS-specific attacks (e.g., logjam)
Anything not on this list is fair game in the exams, that includes topics from the videos, the Q/A sessions and the jeopardies/Screecher challenges.