Operational Security (OPSEC) Basic Guide for Windows Users


I. Introduction

This is one of a series of my articles on configuring and using Windows to
keep your computer and data secure in the digital space. In this article, we
discuss hidden files on Windows: why they exist and how to reveal them.
Following that is an analysis of how attackers exploit file extensions and the
preview pane, along with defensive strategies.

You can follow my Twitter (X) to be notified when there are new posts: Two Seven One Three (@TwoSevenOneT).

This series of articles will be beneficial for:

Ordinary users who have a new laptop or have just installed Windows, or who
simply want to be assured that the device is a safe place to store personal
files like photos and documents.

Those who want to start with basic OPSEC guidelines.

Developers who seek additional safety measures and enhanced security awareness
when using their computers.

Those who wish to maintain privacy for their personal information and data.

What OPSEC means:

This is the process of managing security and risk to prevent information from
falling into the hands of unauthorized or malicious users.

As for this series, it will be a list of tasks to perform in order to
configure and use Windows along with accompanying software in everyday
activities. The aim is to ensure that your computer is protected from malware
and to minimize the uncontrolled sharing of information.

In addition, minimizing the sharing of information with third parties is also
very important, as even large technology companies have suffered data
breaches.

II. Things lurking in the abyss. Should or shouldn’t be seen

1. Malicious Hidden Files: a Way Malware Is Spread

Adversaries often hide files and directories to evade detection. You can learn
more through MITRE ATT&CK, technique "Hide Artifacts: Hidden Files and
Directories" (T1564.001).

Not only that, the fact that users cannot see hidden files is also used to
facilitate the spread of malware. Have you ever heard of the DLL hijacking
attack method? This type of attack exploits the search order and loading
sequence of DLLs in Windows, causing your legitimate programs to load
malicious code into memory.

Currently, there are many APT groups and cybercrime gangs using this
technique. Some examples include: APT41 Group,
Aquatic Panda, APT29 using
Brute Ratel C4, …

A. Real-life example of malware infection by exploiting hidden files

The two images below show the same folder in two different Windows Explorer
configurations. One does not show hidden files, while the other has been
adjusted to display these files.

Image: Explorer, hidden file abuse (hidden files not shown)
Image: Explorer, "Show hidden files" enabled

Suppose that when using Explorer to navigate to the folder containing these
files, you only see a file named "Weekly Payroll Report.pdf". When you
double-click it, you become infected with malware, and the infection flow is
as follows:

  1. The file "Weekly Payroll Report.pdf" (this is a shortcut file, and I
    won't explain it in detail as it is not relevant to the topic of the
    article) launches the hidden executable file "PDF Reader".
  2. "PDF Reader" loads the DLL "AcroRd32" using the DLL hijacking
    technique.
  3. The DLL "AcroRd32" executes malicious code, and your computer is now
    infected with malware.

This infection scenario using hidden files often occurs when you receive
compressed file attachments (Zip, Rar, 7z, etc.). It can also happen when you
use Explorer to navigate to external hard drives, USB drives or shared network
drives.

B. How to show hidden files in Windows Explorer

  1. Open Windows Explorer
  2. Click on "File", then click "Options"
  3. In the "Folder Options" window, choose the radio button "Show hidden files, folders or drives"
  4. Click "OK" to apply.

The configuration steps I will carry out are for Windows 10. If you’re using a
different version, you can search for similar configuration steps using
relevant keywords.

C. Is everything hidden bad? Why does Windows have hidden files?

  • To ensure that users do not modify important files, which could affect the
    system.
  • It helps keep the workspace interface tidy and easier to navigate. Imagine
    your working folder has many hidden files; if all of them are displayed, it
    can easily lead to confusion and make operations more difficult.

2. Simply showing hidden files is not enough. Hidden Operating system files

A. Real-life example

In some cases, even when you have set Explorer to show hidden files, there
will still be some files that remain hidden. For example, the current
directory below.

Image: Explorer, operating system files not shown

Only the file "Weekly Payroll Report.pdf" is visible. As we noted in the
previous example, the files "PDF Reader" and the DLL "AcroRd32" are still
lurking hidden in this folder. Of course, when you open the file named
"Weekly Payroll Report.pdf" you will also become infected with malware.

The reason this occurs is that the two files "PDF Reader" and "AcroRd32"
have been assigned the "System" attribute. Explorer treats files with this
attribute as protected operating system files, which are governed by a
separate option that is enabled by default. So even though you have
configured Explorer to show hidden files, it still keeps these files hidden.

B. You can force Explorer not to hide these files by configuring it as
follows

  1. Open Windows Explorer
  2. Click on "File", then click "Options"
  3. In the "Folder Options" window, choose the radio button "Show hidden files, folders or drives" and uncheck "Hide protected operating system files"
  4. Click "OK" to apply.

However, this should only be recommended for experienced users to
avoid accidentally deleting or modifying files that could damage the system.
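Explorer settings only change what you see; a script that reads the attributes directly shows what is actually in a folder. The following PowerShell is an added example, not part of the original article or any tool it mentions. It assumes Windows PowerShell 5.1 or later, and the folder path is a placeholder you replace. It lists every file including Hidden and System entries, flags native executables or DLLs that carry those attributes, and, when a shortcut sits next to them, resolves where the shortcut really points (the "Weekly Payroll Report.pdf" chain above is a .lnk pointing at a hidden .exe in the same folder).

```powershell
# Added example (not from the article): audit a folder for hidden/system
# executables and shortcuts that point at them. Path is a placeholder.
param([string]$Path = "$env:USERPROFILE\Downloads")

# Extensions that execute code when double-clicked (constructed list).
$riskyExt = @('.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.hta')

# -Force returns Hidden and System entries, the same set Explorer shows only
# after "Hide protected operating system files" has been unchecked.
$items = Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction Stop

$report = foreach ($f in $items) {
    $hidden = ($f.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
    $system = ($f.Attributes -band [IO.FileAttributes]::System) -ne 0
    $risky  = $riskyExt -contains $f.Extension.ToLower()
    [pscustomobject]@{
        Name       = $f.Name
        Hidden     = $hidden
        System     = $system
        Shortcut   = ($f.Extension -ieq '.lnk')
        # A hidden or system-attributed executable/DLL in a user folder is
        # exactly what the infection flow above depends on.
        Suspicious = ($hidden -or $system) -and $risky
    }
}

$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize

$shortcuts  = $report | Where-Object Shortcut
$hiddenBins = $report | Where-Object Suspicious
if ($shortcuts -and $hiddenBins) {
    Write-Warning "Shortcut(s) next to hidden/system executables in $Path - inspect before opening."
    # Resolve each shortcut's target; a .lnk named like a document that runs
    # an .exe in the same folder matches the pattern described above.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($s in $shortcuts) {
        $sc = $shell.CreateShortcut((Join-Path $Path $s.Name))
        '{0} -> {1} {2}' -f $s.Name, $sc.TargetPath, $sc.Arguments
    }
}
```

Run it as `.\Audit-Folder.ps1 -Path 'D:\Attachments\extracted'` (script name is an assumption). Note that Explorer never shows the `.lnk` extension even when extensions are enabled, which is why the shortcut target check is included.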

3. Phishing Attack: spoof file extensions

A. Real-life Example

Most of us are aware that we should not open executable files received via
email. However, in everyday situations, how do you determine whether a file
is a document or an executable file?

There is nothing to be ashamed of: we instinctively respond to images more
than to text, so we often identify file types by their icons.

Therefore, phishing techniques that involve spoofing icons and file
extensions can be an extremely effective attack vector. This technique is
commonly referred to as the double file extension.

In default mode, Explorer does not display file extensions. Users rely on
the icons of these files to determine their type. The two images below
illustrate a malicious file specially modified to have the icon of an MS
Word Document; one image does not show the file extension, while the other
is after Explorer has been reconfigured.

Image: Explorer, masquerading double file extension example
Image: Explorer with "show file extensions" enabled

As you can see above, the malicious file is actually named "Weekly Payroll
Report.doc.exe", but in the default case where file extensions are not
displayed, its name appears as "Weekly Payroll Report.doc". When you navigate
to the folder containing this file, it is easy to mistake it for a regular
document. With an innocent double-click on the "document", you could
inadvertently infect your device with a virus.

B. Windows show File extensions – How To

You can avoid this confusion by configuring Explorer as follows:

  1. Open Windows Explorer
  2. Click on "File", then click "Options"
  3. In the "Folder Options" window, uncheck "Hide extensions for known file types"
  4. Click "OK" to apply.
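The three Explorer options covered so far (show hidden files, show protected operating system files, show extensions) are stored as per-user registry values, so they can be checked and enforced without clicking through dialogs. The script below is an added example, not from the original article. It assumes Windows PowerShell 5.1 or later; the registry key and value names are the real ones Explorer uses, and the folder path is a placeholder. It also scans a folder for the double-extension pattern from the "Weekly Payroll Report.doc.exe" example.

```powershell
# Added example (not from the article): check/enforce Explorer visibility
# settings and find double-extension file names.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Value names and the setting the article recommends:
#   Hidden          1 = show hidden files, 2 = do not show
#   ShowSuperHidden 1 = show protected operating system files
#   HideFileExt     0 = show extensions for known file types
$wanted = @{ Hidden = 1; ShowSuperHidden = 1; HideFileExt = 0 }

function Get-ExplorerVisibility {
    $cur = Get-ItemProperty -Path $adv
    foreach ($name in $wanted.Keys) {
        [pscustomobject]@{
            Setting = $name
            Current = $cur.$name
            Wanted  = $wanted[$name]
            Ok      = ($cur.$name -eq $wanted[$name])
        }
    }
}

function Set-ExplorerVisibility {
    foreach ($name in $wanted.Keys) {
        Set-ItemProperty -Path $adv -Name $name -Value $wanted[$name] -Type DWord
    }
    # Explorer reads these values at start-up, so restart it to apply them.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

# Double extension: a document/image extension immediately followed by an
# executable or script extension, e.g. Report.doc.exe (constructed lists).
$docExt  = 'doc|docx|xls|xlsx|ppt|pptx|pdf|txt|rtf|jpg|jpeg|png|zip'
$execExt = 'exe|scr|com|pif|bat|cmd|js|jse|vbs|vbe|wsf|hta|ps1|lnk'
$doubleExtPattern = "\.($docExt)\.($execExt)$"

function Find-DoubleExtension([string]$Path) {
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse |
        Where-Object { $_.Name -imatch $doubleExtPattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-ExplorerVisibility | Format-Table -AutoSize
Find-DoubleExtension -Path "$env:USERPROFILE\Downloads"
# Uncomment to enforce the recommended settings for the current user:
# Set-ExplorerVisibility
```

`Get-ExplorerVisibility` reports each value with an `Ok` column, so the same script doubles as a quick audit on a freshly installed machine.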

C. Why does Windows hide file extensions by default?

The main goal is to prevent headaches when users accidentally change the
extension while renaming a file. This makes the file unable to be opened by
the software specifically designed for it.

4. When the preview pane is exploited, you can become infected even without
double-clicking

The Preview Pane is a feature in Explorer that allows you to quickly view the
contents of a file. This is extremely beneficial when you need to work with
multiple documents and need to quickly identify which file contains the
information you need.

Not only does Explorer have this functionality, but when using a mail client,
you may also have used the Outlook preview pane.

A. How does the preview pane work?

When you select a file, Explorer determines the file type and asks the
operating system to run a corresponding handler application in the
background (for example, for a .doc file, the WinWord process is started).

The content of the file is then rendered inside Explorer. Only certain file
types support preview; imagine clicking on an .exe file and having it run
immediately.

Image: Preview Pane with a .docx file

Therefore, when the preview pane has vulnerabilities, or when software
interacting with documents set to run in the background is exploited, you can
become infected without needing to double-click to open a file. The end result
is that personal data is likely to be compromised: ransomware attack, data
breach, and so on.

B. Several vulnerabilities involving the Preview Pane have been identified in
the past

  • CVE-2022-30190: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
  • CVE-2020-1483: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-1483
  • CVE-2024-21413: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

C. How to Turn Off Preview Pane

You can temporarily request Explorer not to use the preview function by
unchecking the two checkboxes in the View tab of Explorer, as shown below.

Image: How to turn off the Preview Pane

Or you can completely disable the preview pane using the commands below:

reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoPreviewPane /t REG_DWORD /d 1 /f

reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoReadingPane /t REG_DWORD /d 1 /f

You need to run CMD as Administrator (Right Click => Run As Administrator).
Then restart Explorer.exe for the changes to take effect.

If your work heavily relies on this function, you should still keep using it,
but pay more attention to regularly updating the system.
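To apply the two policy values above in a repeatable way, and to see which preview handlers Explorer and Outlook would run on a single click, the following PowerShell is an added example, not from the original article. It assumes Windows PowerShell 5.1 or later. The policy key and value names are those used in the `reg add` commands above; the PreviewHandlers key is the real registration point for preview handlers, and the CLSID lookup is a best-effort assumption (some handlers register under other subkeys and will show an empty Dll column).

```powershell
# Added example (not from the article): check/disable the preview pane and
# list the preview handlers installed on this machine.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PreviewPolicy {
    foreach ($name in 'NoPreviewPane', 'NoReadingPane') {
        $v = Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Policy   = $name
            Value    = if ($v) { $v.$name } else { $null }
            Disabled = [bool]($v -and $v.$name -eq 1)
        }
    }
}

function Disable-PreviewPane {
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    Set-ItemProperty -Path $policy -Name NoPreviewPane -Value 1 -Type DWord
    Set-ItemProperty -Path $policy -Name NoReadingPane -Value 1 -Type DWord
    # Policies are read when Explorer starts, so restart it.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

# Preview handlers are COM objects listed here: each value name is a CLSID
# and its data is the handler's display name. Knowing which parsers are
# installed tells you which code a single click can trigger.
function Get-PreviewHandlers {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers'
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object {
            $clsid  = $_.Name
            $server = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                        -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{ CLSID = $clsid; Name = $_.Value; Dll = $server }
        }
}

Get-PreviewPolicy   | Format-Table -AutoSize
Get-PreviewHandlers | Sort-Object Name | Format-Table -AutoSize
# Uncomment to disable the preview pane for the current user:
# Disable-PreviewPane
```

If you decide to keep the preview pane because your work depends on it, the handler list is still useful: it shows which applications must be kept up to date for the preview feature to stay safe.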

III. Conclusion

OPSEC for regular computer users involves configuring settings and usage rules
to: keep your computer safe from malware, minimize both controlled and
uncontrolled personal information leaks, maintain performance, and ensure
comfort and ease of use.

Hidden File, System Protected File, Hidden File Extension, and Preview Pane
are utility features designed to enhance the safety and efficiency of document
handling. However, when these features are exploited, they can become a veil
that facilitates the spread of malware on your computer.

Of course, I hope this article helps answer the question you are looking to
solve: how can you protect your home computer.