In this talk I will describe how I used an exploit chain to defeat the Samsung KNOX 2.6 with zero privilege, including KASLR bypassing, DFI bypassing, SELinux fully bypassing and privilege escalation.