Matteo Lodi is a Detection Engineer with eight years of hands-on experience in threat intelligence, malware analysis and security-focused software development. He led R&D and coordinated cross-functional teams as Threat Intelligence Team Leader at Certego, and now contributes at VMRay while administrating the popular open-source IntelOwl project (2k+ GitHub stars). A SANS "Lethal Forensicator" awardee, Matteo has improved widely-used analysis tooling—contributing to Cortex analyzers and enhancing oletools’ VBA/XLSM detection—to reduce false positives and bolster automation. He volunteers as a mentor and organizer for The Honeynet Project and Google Summer of Code, blending community-driven open source work with applied research. Based in Carpi, Italy, he teaches incident response and threat intelligence and is known for turning deep reverse-engineering insights into reliable detection solutions.
8 years of coding experience
1 year of employment as a software developer
Post graduate Course in Cyber Security (CyberAcademy), Post graduate Course in Cyber Security (CyberAcademy) at Università degli Studi di Modena e Reggio Emilia
Traditional course, Traditional course at Liceo Scientifico
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Role in this project:
Security Engineer
Contributions:2 reviews, 10 commits, 2 PRs in 8 months
Contributions summary:Matteo primarily contributed to the enhancement of the `olevba` tool, which is designed to analyze MS Office documents for security vulnerabilities. They added new methods for detecting and decrypting encrypted VBA files, extracting XLM macros from newer XLSM formats, and detecting template injection attempts within OpenXML files. Furthermore, they refined the tool's ability to identify suspicious keywords and adjusted command detections to reduce false positives, thereby improving the tool's accuracy in identifying malicious code.
Contributions:6 commits, 3 PRs, 7 comments in 5 months
Contributions summary:Matteo contributed to the development of analyzers for the Cortex platform, specifically focusing on integrating with external threat intelligence services like AbuseIPDB and Intezer Community. Their work involved writing Python code to interact with APIs, parse JSON responses, and generate reports. They also improved error handling and added templates for the analyzers, likely for reporting the analysis results within Cortex. The user demonstrates skills in API integration and the creation of tools for threat intelligence enrichment.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Matteo Lodi - Detection Engineer at The Honeynet Project