SSH tunneling:
-L (local forward): local port → remote server.
-R (remote forward): remote port → local machine.
-D (dynamic): creates SOCKS proxy for routing any traffic.
SSH -D 1080 creates a SOCKS5 proxy — combine with proxychains to tunnel any tool through SSH. Used in pen testing to pivot through SSH-accessible hosts. Blue teams: detect via SSH session duration, unusual data volumes, or multiple port forwards on single SSH connection.