Tycoon 2FA is a prolific Phishing-as-a-Service (PhaaS) platform utilizing Adversary-in-the-Middle (AiTM) techniques to bypass MFA and steal session tokens across Microsoft 365 and Google Workspace. The kit employs sophisticated evasion tactics, automated post-compromise reconnaissance, and establishes durable persistence mechanisms, such as Device-PRT in Entra ID, which survive standard session revocation procedures.