diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go
index 6cd7ff8..c1801a9 100644
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -209,7 +209,32 @@ func (h *Handler) RawFile(w http.ResponseWriter, r *http.Request) {
 }
 func (h *Handler) ServeStatic(w http.ResponseWriter, r *http.Request) {
- http.StripPrefix("/static/", http.FileServer(h.staticFS)).ServeHTTP(w, r)
+ // Serve static files with directory listing completely disabled
+ filePath := strings.TrimPrefix(r.URL.Path, "/static/")
+ if filePath == "" || strings.HasSuffix(filePath, "/") || strings.Contains(filePath, "..") {
+ http.NotFound(w, r)
+ return
+ }
+ f, err := h.staticFS.Open(filePath)
+ if err != nil {
+ http.NotFound(w, r)
+ return
+ }
+ defer f.Close()
+ stat, err := f.Stat()
+ if err != nil {
+ http.NotFound(w, r)
+ return
+ }
+ if stat.IsDir() {
+ http.NotFound(w, r)
+ return
+ }
+ http.ServeContent(w, r, stat.Name(), stat.ModTime(), f)
 }
 func (h *Handler) openISO(relPath string) (*iso.Reader, error) {
diff --git a/test_secure/test.iso b/test_secure/test.iso
new file mode 100644
index 0000000..e69de29
diff --git a/test_secure/test.txt b/test_secure/test.txt
new file mode 100644
index 0000000..345e6ae
--- /dev/null
+++ b/test_secure/test.txt
@@ -0,0 +1 @@
+Test
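Review bot: The `strings.TrimPrefix(r.URL.Path, "/static/")` on the first added line never checks that the prefix was actually present, whereas the replaced `http.StripPrefix` answered 404 in that case; with the new code a request whose path lacks `/static/` (should this handler ever be reached without it, which depends on the mux registration not visible here) has its full path handed to `h.staticFS.Open` and is served relative to the static root. Reject the miss explicitly before trimming: `if !strings.HasPrefix(r.URL.Path, "/static/") { http.NotFound(w, r); return }`. The `strings.Contains(filePath, "..")` guard is coarse — it also rejects legitimate names such as `app..v2.js` — and is presumably redundant with the `path.Clean` that `http.Dir.Open` performs or the `fs.ValidPath` check an `fs.FS` applies (the concrete type of `staticFS` is not visible in the hunk); a `path.Clean("/"+filePath)`-based check for a leading `../` segment would be both stricter and less surprising. The leading comment could also state the intent rather than restate the code, e.g. `// Only a single regular file is ever served: directories, trailing-slash paths and index.html fall through to 404, so the static tree cannot be enumerated.`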