PULSE NAME
Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline
WHITE Saad Tycoon PetrP.73 2025-05-16 Modified: 2025-05-16
54 IOCs (HIGH VOLUME)
This article provides an in-depth analysis of the Tycoon 2FA phishing kit, focusing on its continuous evolution and the sophisticated techniques it employs to bypass two-factor authentication (2FA) for Microsoft 365 and Gmail. It explores various evasion mechanisms, including code obfuscation, CAPTCHA checks, and browser fingerprinting, detailing how these methods have changed over time. The study also offers practical tips for detecting Tycoon 2FA attacks, emphasizing the importance of behavioral analysis over signature-based detection.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (1 / 54 total)
TYPE          INDICATOR                         DESCRIPTION  CREATED
FileHash-MD5  e0d37a504604ef874bad26435d62011f               2025-05-16