2021
Authors
Ferreira, S; Antunes, M; Correia, ME;
Publication
Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications - 25th Iberoamerican Congress, CIARP 2021, Porto, Portugal, May 10-13, 2021, Revised Selected Papers
Abstract
Deepfake in multimedia content is being increasingly used in a plethora of cybercrimes, namely those related to digital kidnap, and ransomware. Criminal investigation has been challenged in detecting manipulated multimedia material, by applying machine learning techniques to distinguish between fake and genuine photos and videos. This paper aims to present a Support Vector Machines (SVM) based method to detect tampered photos. The method was implemented in Python and integrated as a new module in the widely used digital forensics application Autopsy. The method processes a set of features resulting from the application of a Discrete Fourier Transform (DFT) in each photo. The experiments were made in a new and large dataset of classified photos containing both legitimate and manipulated photos, and composed of objects and faces. The results obtained were promising and reveal the appropriateness of using this method embedded in Autopsy, to help in criminal investigation activities and digital forensics.
2021
Authors
Antunes, M; Silva, C; Marques, F;
Publication
APPLIED SCIENCES-BASEL
Abstract
Digital exposure to the Internet among the younger generations, notwithstanding their digital abilities, has increased and raised the alarm regarding the need to intensify the education on cybersecurity in schools. Understanding of the human factor and its influence on children, namely their attitudes and behaviors online, is pivotal to reinforce their awareness towards cyberattacks, and to promote their digital citizenship. This paper aims to present an integrated cybersecurity and cyberawareness strategy composed of three major steps: (1) Cybersecurity attitude and behavior assessment, (2) self-diagnosis, and (3) teaching/learning activities. The following contributions are made: Two questionnaires to assess risky attitudes and behaviors regarding cybersecurity; a self-diagnosis to measure students' skills on cybersecurity; a lesson plan addressing cyberawareness to be applied on Information and Communications Technology (ICT) and citizenship education curricular units. Cybersecurity risky attitudes and behaviors were evaluated in a junior high school population of 164 students attending the sixth and ninth grades. The assessment focused on two main subjects: To identify the attitudes and behaviors that raise the risk on cybersecurity among the participating students; to characterize the acquired students' cybersecurity and cyberawareness skills. Global and individual scores and the histograms for attitudes and behaviors are presented. The items in which we have observed significant differences between sixth and ninth grades are depicted and quantified by their corresponding p-values obtained through the Mann-Whitney non-parametric test. Regarding the results obtained on the assessment of attitudes and behaviors, although positive, we observed that the attitudes and behaviors in ninth grade students are globally inferior compared to those attained by sixth grade students. 
The deployed strategy for cyberawareness was applied in a school context; however, the same approach is suitable to be applied in other types of organizations, namely enterprises, healthcare institutions and public sector.
2021
Authors
Antunes, M; Maximiano, M; Gomes, R;
Publication
CENTERIS 2021 - International Conference on ENTERprise Information Systems / ProjMAN 2021 - International Conference on Project MANagement / HCist 2021 - International Conference on Health and Social Care Information Systems and Technologies 2021, Braga, Portugal
Abstract
Information security and cybersecurity are key subjects in modern enterprises' management, being ISO-27001:2013, NIST Cybersecurity Framework and ISO-27009 some of the most implemented international frameworks and standards. Their main goal is to globally reduce the risk, by leveraging enterprises' competitiveness in global markets and enhancing business processes and collaborators' cyber awareness. Auditing processes examine and assess a list of predefined controls. For each control, a set of corrective measures could be proposed, to increase its compliance with the standard being used. These processes are time-consuming, involve on-site intervention by specialized consulting teams on the intervened enterprises, and a set of status reports of all the interventions should be elaborated and delivered. The existing auditing information systems are not developed to meet Small and Medium-sized Enterprises (SME) requirements, as they are mostly proprietary and expensive, ground usually on off-the-shelf applications, and are not generic to be used by several standards with different checklists and auditing methodologies. In this paper, a generic and web-integrated cybersecurity auditing information system is described. Its architecture, design, and data model enable it to be used in a wide set of auditing processes, by loading a predefined controls checklist assessment and their corresponding mitigation tasks list. It was designed to meet both SMEs and large enterprises' requirements, and stores auditing and intervention-related data in a relational database. The information system was tested on an ISO-27001:2013 information security auditing project, which has integrated fifty SMEs. The results obtained during the project are promising and reveal the appropriateness of using this information system in further similar auditing processes.
2021
Authors
Serra, LFD; Goncalves, PGB; Frazalo, LAL; Antunes, MJG;
Publication
PROCEEDINGS OF 2021 16TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2021)
Abstract
Daily activities have been increasingly supported by intelligent devices and applications. Smart devices are constantly communicating through the Internet of Things (IoT) networks, either by sending collected data and notifying the actions taken or by receiving instructions for actions to be taken. Most of this communication requires the confidentiality of data through the usage of encryption algorithms, being the Advanced Encryption Standard (AES) algorithm one of the most used. However, how do the operation modes of AES algorithm perform in a resource-constrained device? This paper aims to evaluate the impact on the time to encrypt and decrypt different sized messages in IoT devices when using each one of the five AES modes of operation and the three key sizes defined. The test scenario was implemented using two programming languages, running on a Raspberry Pi device. The results achieved infer that Python was quicker and had a more homogeneous result set than JavaScript implementation in most AES operation modes. These results help to understand the trade-off between IoT devices' security needs and delays in communication caused by the selection of the AES algorithm operation mode.
2021
Authors
Almeida, R; Pacheco, V; Antunes, M; Frazao, L;
Publication
PROCEEDINGS OF 2021 16TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2021)
Abstract
Computer network attacks are vast and negatively impact the infrastructure and its applicational services. From a cyber offensive and defensive perspective, there are a plethora of tools to craft and inject customized malicious packets in the network and exploit operating systems and application vulnerabilities. Those tools are however hard to operate by practitioners with less knowledge on networking fundamentals and students in the early stage of their studies. This paper proposes an easy-to-use application tool that can produce customized Denial of Service (DoS) and spoofing attacks. It was developed in Python and takes advantage of scapy library to process and inject network packets. A set of experiments was made, and the results obtained show the efficiency and accuracy of the attacks, by impairing the proper functioning of the victim's machines.
2021
Authors
Melo, T; Barros, A; Antunes, M; Frazao, L;
Publication
PROCEEDINGS OF 2021 16TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2021)
Abstract
Confidentiality protects users' data from digital eavesdroppers when traveling through the Internet. Confidentiality is complex and costly, especially on applications that involve communication and data exchange between multiple users. Cryptography has been the most used medium to achieve confidentiality, being the greatest challenge the sharing of a secret key to a group of people in a safe and effective way. This paper presents a chat application that implements an innovative way of sending messages with end-to-end encryption, in real-time, with a dynamic key store, and without the existence of data persistence. The application stands out from the others by the fact that it innovates the way the keys are shared with multiple users.