EtcSec - Explore. Track. Comply.
Production

EtcSec - Identity Security Platform

Hybrid multi-cloud audit platform: an on-prem Docker collector plus a SaaS dashboard (Next.js, SSE streaming). Over 400 vulnerability checks against Active Directory and Azure Entra ID. MITRE ATT&CK mapping (28+ techniques), graph-based attack path analysis, one-click PowerShell remediation. Compliance: ISO 27001, SOC 2, NIST, GDPR, DORA, HIPAA, PCI-DSS. 5 pricing tiers (Free → MSSP). Built by vibe coding.

Next.js Go Docker LDAP/LDAPS Microsoft Graph API SSE Streaming JWT MITRE ATT&CK

Hybrid Architecture: On-Prem Collector + SaaS Dashboard

Identity security platform with data collection on-premises and centralized analytics in the cloud

01. On-Prem Collector

Lightweight Docker container (~138 MB). Go-based single binary with concurrent LDAP queries. Connects to AD via LDAP/LDAPS, and to Azure Entra ID, Intune and Exchange Online via the Microsoft Graph API. Supports air-gapped JSON export.

Docker, Go, LDAP/LDAPS, Microsoft Graph SDK
02. Analysis Engine

400+ security checks across 15 categories. MITRE ATT&CK mapping (28+ techniques). Risk scoring 0-100 with severity classification. One-click PowerShell remediation scripts. Graph-based attack path analysis.

400+ Detectors, MITRE ATT&CK, Risk Scoring, Remediation Scripts
03. SaaS Dashboard

Next.js web app (app.etcsec.com). Historical analytics, compliance reports (ISO 27001, SOC 2, NIST, GDPR, DORA, HIPAA, PCI-DSS), scheduling up to 4 audits/day, multi-tenant MSSP support, SIEM/SOAR integration, RBAC, PDF/CSV export.

Next.js, React Server Components, Tailwind CSS, SSE Streaming

Key Features

400+ Vulnerability Checks

AD + Azure Entra ID across 15 categories: Kerberos, ADCS ESC1-11, Permissions, GPO, Network, Compliance, Attack Paths, and more

MITRE ATT&CK Mapping

28+ techniques mapped. Visual attack path analysis with graph-based privilege escalation detection across AD objects and permissions

Multi-Cloud Identity Coverage

Active Directory on-prem, Azure Entra ID, Intune, Exchange Online. 4 identity providers supported with dedicated detectors per provider

7 Compliance Frameworks

ISO 27001, SOC 2, NIST, GDPR, DORA, HIPAA, PCI-DSS. Compliance packs available as add-ons with automated mapping

One-Click PowerShell Remediation

PowerShell scripts generated per finding. Copy-paste ready for immediate fix. Reduces mean time to remediate from hours to minutes

Hybrid On-Prem + SaaS Architecture

Collector runs locally; audit data stays on the network unless sync to the SaaS dashboard is enabled. Air-gapped workflow via JSON export/import (USB, SFTP)

SSE Real-Time Progress (134 Steps)

74 AD steps + 25 Azure + 20 Intune + 15 Exchange. Live streaming audit progress per provider with Server-Sent Events

MSSP/Multi-Tenant Support

White-labeling, client portal, unlimited collectors/sites on Partner tier. 5 pricing tiers from Free to MSSP Partner (up to 15,000 users)

Tech Stack

Go 1.24 Collector Runtime

Single binary with no runtime dependencies; concurrent LDAP queries via goroutines

Next.js (App Router) SaaS Dashboard

React Server Components, Tailwind CSS, dark mode, Geist font

Docker Deployment

~138 MB Alpine image, multi-arch (amd64/arm64), non-root UID 1001

LDAP/LDAPS + SMB AD Connectivity

Port 636 (LDAPS), port 445 (SMB), connection pooling, LDAP filter injection prevention

Microsoft Graph SDK Cloud Providers

Azure Entra ID, Intune, Exchange Online. Pagination for >999 items

JWT + Consumable Tokens Authentication

Each token is valid for 3 to 100 uses, then invalidated. Sessions expire after 1 h; a cleanup cycle runs every 5 min
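One way to build the consumable-token scheme described above (and listed again under Security & Compliance below), as an added example written for this page and not EtcSec's own code: a use budget of 3 to 100 per token, a 1 h session TTL, an immediate revoke (the "blacklist"), and a sweeper meant to run on a 5 min ticker. Storing only the SHA-256 of each token and the injectable clock are this example's design choices; the type and function names are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// Illustrative consumable-token store (not EtcSec's implementation).
// A token is accepted until its use budget is spent or its session expires;
// only the SHA-256 of each token is kept, so a leaked store yields no live tokens.
const (
	minUses    = 3
	maxUses    = 100
	sessionTTL = time.Hour
	sweepEvery = 5 * time.Minute
)

var (
	ErrInvalidToken = errors.New("token unknown, exhausted, revoked or expired")
	ErrBadUseCount  = errors.New("use count must be between 3 and 100")
)

type tokenEntry struct {
	remaining int
	expiresAt time.Time
}

type TokenStore struct {
	mu     sync.Mutex
	tokens map[string]*tokenEntry // keyed by hex(SHA-256(token))
	now    func() time.Time       // injectable clock so expiry is testable
}

func NewTokenStore(now func() time.Time) *TokenStore {
	if now == nil {
		now = time.Now
	}
	return &TokenStore{tokens: map[string]*tokenEntry{}, now: now}
}

func keyOf(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// Issue mints a random 256-bit token with the given use budget.
func (s *TokenStore) Issue(uses int) (string, error) {
	if uses < minUses || uses > maxUses {
		return "", ErrBadUseCount
	}
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[keyOf(tok)] = &tokenEntry{remaining: uses, expiresAt: s.now().Add(sessionTTL)}
	return tok, nil
}

// Consume spends one use and returns the uses left. The entry is deleted on
// the last use (and on a late call past expiry), so it cannot be replayed.
func (s *TokenStore) Consume(tok string) (int, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	k := keyOf(tok)
	e, ok := s.tokens[k]
	if !ok {
		return 0, ErrInvalidToken
	}
	if !s.now().Before(e.expiresAt) {
		delete(s.tokens, k)
		return 0, ErrInvalidToken
	}
	e.remaining--
	if e.remaining == 0 {
		delete(s.tokens, k)
	}
	return e.remaining, nil
}

// Revoke blacklists a token immediately, whatever budget it has left.
func (s *TokenStore) Revoke(tok string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.tokens, keyOf(tok))
}

// Sweep removes expired entries and reports how many were dropped.
func (s *TokenStore) Sweep() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	n := 0
	for k, e := range s.tokens {
		if !s.now().Before(e.expiresAt) {
			delete(s.tokens, k)
			n++
		}
	}
	return n
}

// RunSweeper calls Sweep on the cleanup cycle until stop is closed.
func (s *TokenStore) RunSweeper(stop <-chan struct{}) {
	t := time.NewTicker(sweepEvery)
	defer t.Stop()
	for {
		select {
		case <-t.C:
			s.Sweep()
		case <-stop:
			return
		}
	}
}
```

Consume checks expiry before decrementing, so a token that outlived its session is rejected even if the sweeper has not run yet; the sweeper only bounds memory.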

SSE Streaming Real-Time

134 total progress steps across 4 providers (74 AD + 25 Azure + 20 Intune + 15 Exchange)

MITRE ATT&CK Engine Security Analysis

28+ techniques mapped. Graph-based attack path analysis with privilege escalation detection

Results & Metrics

Technical Performance

Audit time: < 5 min (vs 40h+ for manual audits)
Startup: < 3 sec (Alpine image, ~138 MB)
Security checks: 400+ (AD + Azure)
API endpoints: 47 (REST API + SSE streaming)

Business Impact

Pricing tiers: 5 (Free → MSSP Partner)
Compliance frameworks: 7 (ISO 27001 / SOC 2 / NIST / GDPR / DORA / HIPAA / PCI-DSS)
Identity providers: 4 (AD, Azure Entra ID, Intune, Exchange Online)
Security categories: 15 (Kerberos / ADCS / Permissions / GPO / ...)

Security & Compliance

Localhost-only bind (127.0.0.1): collector data stays on the network unless sync to the SaaS dashboard is enabled
Consumable tokens (3-100 uses): 1h session expiry plus blacklist
Container hardening (UID 1001): non-root execution
LDAP injection prevented: all filter parameters auto-escaped
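What "auto-escape all parameters" means for the LDAP connectivity described under Tech Stack and in this section, as an added example written for this page and not EtcSec's code: RFC 4515 filter escaping in Go, an unsafe and a safe filter builder side by side, and a constructed account name that would turn a single-user lookup into "every user" if it reached the filter unescaped. The function names and the sample input are this example's.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes a value for use inside an LDAP search filter per
// RFC 4515: '*', '(', ')', '\' and NUL become a backslash plus two hex digits.
// Every other byte, including UTF-8 multibyte sequences, passes through.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch c {
		case '*', '(', ')', '\\', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// unsafeUserFilter concatenates caller input straight into the filter:
// the pattern that lets the caller rewrite the query.
func unsafeUserFilter(sam string) string {
	return "(&(objectClass=user)(sAMAccountName=" + sam + "))"
}

// safeUserFilter escapes the value first; the same input becomes a literal.
func safeUserFilter(sam string) string {
	return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(sam) + "))"
}

// userPrefixFilter shows that wildcards are still available when the code,
// not the caller, decides where they go: the prefix is escaped, the '*' is ours.
func userPrefixFilter(prefix string) string {
	return "(sAMAccountName=" + escapeFilterValue(prefix) + "*)"
}

func main() {
	// Constructed attacker-controlled input.
	evil := "*)(objectClass=*"
	fmt.Println("unsafe:", unsafeUserFilter(evil))
	fmt.Println("safe:  ", safeUserFilter(evil))
	fmt.Println("prefix:", userPrefixFilter("svc_"))
}
```

Note that the injected filter in the unsafe case stays syntactically balanced, so the directory accepts it; nothing short of escaping catches it.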

Technical Challenges & Solutions

Scaling from 99 to 400+ Detectors

Problem
The original Node.js engine could not handle 4x more checks efficiently: memory overhead and sequential LDAP queries became the bottlenecks
Solution
Complete rewrite of the collector in Go, with goroutines for concurrent LDAP queries, single-binary compilation and tighter memory management. A detector registry pattern keeps check management scalable

Multi-Cloud Provider Integration

Problem
AD (LDAP), Azure Entra ID (Graph API), Intune (Graph beta) and Exchange Online (EWS/Graph) each have different APIs, auth flows and data models
Solution
Unified provider abstraction in Go with per-provider connection testing and a dynamic provider parameter. Automatic pagination for Graph API collections larger than 999 items
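The pagination point (also listed under Tech Stack as "Pagination for >999 items") in working form, as an added example written for this page and not EtcSec's code: a client that follows @odata.nextLink until Graph stops sending one, with a page-count guard, exercised against a constructed in-process stand-in for graph.microsoft.com. The stand-in uses a plain numeric $skiptoken where real Graph uses an opaque one; fetchAll and newFakeGraph are this example's names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// graphPage mirrors a Microsoft Graph collection response: a "value" array
// and, when more results exist, an "@odata.nextLink" to the next page.
type graphPage struct {
	Value    []map[string]any `json:"value"`
	NextLink string           `json:"@odata.nextLink,omitempty"`
}

// maxPages bounds the walk so a misbehaving server cannot keep us looping.
const maxPages = 1000

// fetchAll follows @odata.nextLink until the server omits it and returns
// every object from every page.
func fetchAll(client *http.Client, url string) ([]map[string]any, error) {
	var all []map[string]any
	for page := 0; url != ""; page++ {
		if page >= maxPages {
			return nil, fmt.Errorf("pagination exceeded %d pages", maxPages)
		}
		resp, err := client.Get(url)
		if err != nil {
			return nil, err
		}
		var p graphPage
		if resp.StatusCode == http.StatusOK {
			err = json.NewDecoder(resp.Body).Decode(&p)
		} else {
			err = fmt.Errorf("graph returned HTTP %d for %s", resp.StatusCode, url)
		}
		resp.Body.Close()
		if err != nil {
			return nil, err
		}
		all = append(all, p.Value...)
		url = p.NextLink // empty on the last page, which ends the loop
	}
	return all, nil
}

// newFakeGraph is a constructed stand-in for graph.microsoft.com serving
// `total` fake users in pages of `pageSize`. Real Graph uses an opaque
// $skiptoken; a plain offset is enough to exercise the client.
func newFakeGraph(total, pageSize int) *httptest.Server {
	var srv *httptest.Server
	srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		skip, _ := strconv.Atoi(r.URL.Query().Get("$skiptoken"))
		end := skip + pageSize
		if end > total {
			end = total
		}
		var p graphPage
		for i := skip; i < end; i++ {
			p.Value = append(p.Value, map[string]any{
				"userPrincipalName": fmt.Sprintf("user%04d@example.com", i),
			})
		}
		if end < total {
			p.NextLink = fmt.Sprintf("%s/v1.0/users?$top=%d&$skiptoken=%d", srv.URL, pageSize, end)
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(p)
	}))
	return srv
}

func main() {
	srv := newFakeGraph(2500, 999) // 999-item pages, as in the page-size limit discussed above
	defer srv.Close()
	users, err := fetchAll(srv.Client(), srv.URL+"/v1.0/users?$top=999")
	if err != nil {
		panic(err)
	}
	fmt.Printf("fetched %d users across %d pages\n", len(users), (len(users)+998)/999)
}
```

A client that reads only the first page would silently report 999 of 2500 users; the absence of an error is exactly why this case needs a test.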

Hybrid On-Prem + SaaS Architecture

Problem
Enterprises want data to stay on-prem for security, but also need centralized dashboards for multi-site management and historical trending
Solution
Collector runs locally (localhost-only bind by default), with optional sync to SaaS dashboard. Air-gapped mode with JSON export/import via USB/SFTP for environments without internet access

MITRE ATT&CK Attack Path Analysis

Problem
Individual findings do not convey real risk without attack-chain context: a Kerberoastable account on its own is rated low, but combined with weak permissions on the path to privileged groups it becomes critical
Solution
Graph-based attack path engine analyzing relationships between AD objects, group memberships, and permissions. Maps detections to 28+ MITRE techniques showing privilege escalation paths
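The escalation logic described in this challenge, as an added example written for this page and not EtcSec's engine: a directed graph of AD principals with BloodHound-style edge kinds, a BFS that returns the shortest path from a finding's principal to a target group, a rating rule that lifts a low base severity to critical when such a path exists, and a mapping of the traversed edges to ATT&CK technique IDs. The node names, edges and the edge-to-technique mapping are this example's constructions, not the project's.

```go
package main

import "fmt"

// Edge is a directed relationship between two AD principals, named in the
// BloodHound-style vocabulary. All nodes and edges below are constructed.
type Edge struct {
	From, To, Kind string
}

// technique maps an edge kind to the ATT&CK technique an attacker would use
// to traverse it. This mapping is the example's, not EtcSec's.
var technique = map[string]string{
	"MemberOf":   "T1078.002", // Valid Accounts: Domain Accounts
	"GenericAll": "T1098",     // Account Manipulation
	"WriteDacl":  "T1098",
	"AdminTo":    "T1021.002", // Remote Services: SMB/Windows Admin Shares
}

const kerberoasting = "T1558.003" // Steal or Forge Kerberos Tickets: Kerberoasting

type Graph struct {
	adj map[string][]Edge
}

func NewGraph(edges []Edge) *Graph {
	g := &Graph{adj: map[string][]Edge{}}
	for _, e := range edges {
		g.adj[e.From] = append(g.adj[e.From], e)
	}
	return g
}

// ShortestPath runs a BFS from src and returns the edge sequence to dst,
// or nil when dst is unreachable (src == dst counts as unreachable).
func (g *Graph) ShortestPath(src, dst string) []Edge {
	prev := map[string]Edge{}
	seen := map[string]bool{src: true}
	queue := []string{src}
	for len(queue) > 0 {
		n := queue[0]
		queue = queue[1:]
		for _, e := range g.adj[n] {
			if seen[e.To] {
				continue
			}
			seen[e.To] = true
			prev[e.To] = e
			if e.To == dst {
				var path []Edge
				for cur := dst; cur != src; cur = prev[cur].From {
					path = append([]Edge{prev[cur]}, path...)
				}
				return path
			}
			queue = append(queue, e.To)
		}
	}
	return nil
}

// RateFinding keeps the detector's base severity unless the affected principal
// has a path to the target, in which case the finding becomes critical.
func RateFinding(base string, path []Edge) string {
	if len(path) > 0 {
		return "critical"
	}
	return base
}

// Techniques lists the ATT&CK IDs for a finding and its chained path, deduplicated in order.
func Techniques(findingTech string, path []Edge) []string {
	out := []string{findingTech}
	seen := map[string]bool{findingTech: true}
	for _, e := range path {
		if t, ok := technique[e.Kind]; ok && !seen[t] {
			seen[t] = true
			out = append(out, t)
		}
	}
	return out
}

// sampleEdges is a constructed mini-domain: the Kerberoastable service account
// svc_sql reaches DOMAIN ADMINS in three hops; jdoe does not.
var sampleEdges = []Edge{
	{"svc_sql", "SQL_ADMINS", "MemberOf"},
	{"svc_sql", "FILESRV01", "AdminTo"}, // dead end
	{"SQL_ADMINS", "HELPDESK", "GenericAll"},
	{"HELPDESK", "DOMAIN ADMINS", "WriteDacl"},
	{"jdoe", "DOMAIN USERS", "MemberOf"},
}

func main() {
	g := NewGraph(sampleEdges)
	for _, user := range []string{"svc_sql", "jdoe"} {
		path := g.ShortestPath(user, "DOMAIN ADMINS")
		fmt.Printf("%s: kerberoastable, severity=%s, techniques=%v\n",
			user, RateFinding("low", path), Techniques(kerberoasting, path))
		for _, e := range path {
			fmt.Printf("  %s -[%s]-> %s\n", e.From, e.Kind, e.To)
		}
	}
}
```

The same Kerberoasting finding is reported twice with different severities: svc_sql's chain of MemberOf, GenericAll and WriteDacl ends at DOMAIN ADMINS, jdoe's does not, and only the graph distinguishes the two.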

Skills Demonstrated

Product Development

SaaS Architecture, Pricing Strategy (5 tiers), Multi-Tenant Design, MSSP White-Labeling, Beta Program Management

Security Engineering

400+ Vulnerability Detectors, MITRE ATT&CK Mapping, Attack Path Analysis, ADCS ESC1-11, PowerShell Remediation

Multi-Cloud Identity

Active Directory (LDAP/LDAPS), Azure Entra ID, Intune, Exchange Online

Full-Stack Development

Next.js (App Router), Go, Docker Multi-Arch, REST API (47 endpoints), SSE Streaming

Compliance & Standards

ISO 27001, SOC 2, NIST, GDPR, DORA, HIPAA, PCI-DSS
