Questions about possible attack vectors

It’s my first post here, Im glad that I could join Your community :slight_smile:

I am an IT specialist in my country, where security level is really low.
I was asked to get some research about how can we improve security in company and prepare some sort of presentation - but, since I am mostly hardware oriented guy, I have couple questions.

I have an access to network and router admin’s page - just typical network, with some PC’s and printers on LAN, some iPad and CCTV running on WiFi.

Let’s say that I have plugged in a RPi 4 with Kali Linux installed on it.

What are my possible attack vectors? I would be mostly interested in gaining access to PC, mostly running Windows. I played a bit with some MITM or ARP spoofing, what shoulc I try next?